CVE-2025-57254

Published: Sep 30, 2025

Modified: Oct 1, 2025

PUBLISHED

Description

An SQL injection vulnerability in user-login.php and index.php of Karthikg1908 Hospital Management System (HMS) 1.0 allows remote attackers to execute arbitrary SQL queries via the username and password POST parameters. The application fails to properly sanitize input before embedding it into SQL queries, leading to unauthorized access or potential data breaches. This can result in privilege escalation, account takeover, or exposure of sensitive medical data.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/Karthikg1908/Hospital-Management-System

https://github.com/ischyr/research-and-development/tree/main/CVE-2025-57254

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-57254

Description

Affected Products

References