The patient prescription viewing functionality in his_doc_view_single_patient.php of rickxy Hospital Management System version 1.0 contains an SQL injection vulnerability. The pat_number GET parameter is directly concatenated into SQL queries without proper sanitization, allowing authenticated attackers (doctor role) to execute arbitrary SQL queries.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Rickxy |
|
No data.
No data.
References
History
Wed, 12 Nov 2025 13:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Rickxy
Rickxy hospital Management System |
|
| Vendors & Products |
Rickxy
Rickxy hospital Management System |
Mon, 10 Nov 2025 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The patient prescription viewing functionality in his_doc_view_single_patient.php of rickxy Hospital Management System version 1.0 contains an SQL injection vulnerability. The pat_number GET parameter is directly concatenated into SQL queries without proper sanitization, allowing authenticated attackers (doctor role) to execute arbitrary SQL queries. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2025-11-10T00:00:00.000Z
Updated: 2025-11-10T17:04:53.684Z
Reserved: 2025-10-27T00:00:00.000Z
Link: CVE-2025-63497
Vulnrichment
No data.
NVD
Status : Awaiting Analysis
Published: 2025-11-10T17:15:35.250
Modified: 2025-11-12T16:19:59.103
Link: CVE-2025-63497
Redhat
No data.