CVE-2019-25473

Name of the Vulnerable Software and Affected Versions Clinic Pro (affected versions not specified)

Description Clinic Pro contains a SQL injection flaw that allows authenticated attackers to manipulate database queries. This is achieved by injecting SQL code through the month parameter. Attackers can send POST requests to the ''monthly expense overview'' endpoint with manipulated month values. Exploitation involves boolean-based blind, time-based blind, or error-based SQL injection techniques to extract sensitive database information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.