Login Sign Up

CVE-2025-5246

7.3 HIGH
SQL Injection

📋 TL;DR

A critical SQL injection vulnerability in Campcodes Online Hospital Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the adminremark parameter in /hms/admin/query-details.php. This affects all systems running the vulnerable version, potentially exposing sensitive patient and hospital data.

💻 Affected Systems

Products:
  • Campcodes Online Hospital Management System
Versions: 1.0
Operating Systems: Any
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web application component only; no specific OS requirements.

📦 What is this software?

Online Hospital Management System by Campcodes

View all CVEs affecting Online Hospital Management System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, data manipulation, authentication bypass, and potential remote code execution via database functions.

🟠

Likely Case

Unauthorized access to sensitive patient records, administrative credentials theft, and database manipulation.

🟢

If Mitigated

Limited impact with proper input validation and database permissions, potentially only read access to non-sensitive data.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires admin access to reach /hms/admin/query-details.php, but SQL injection is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.campcodes.com/

Restart Required: No

Instructions:

No official patch available. Consider migrating to a supported version or implementing workarounds.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement parameterized queries or input validation for the adminremark parameter.

Modify /hms/admin/query-details.php to use prepared statements with bound parameters

Web Application Firewall (WAF)

all

Deploy WAF rules to block SQL injection patterns targeting adminremark parameter.

Configure WAF to detect and block SQL injection attempts in POST/GET parameters

🧯 If You Can't Patch

  • Restrict network access to the HMS admin interface to trusted IPs only
  • Implement database user with minimal privileges (read-only if possible)

🔍 How to Verify

Check if Vulnerable:

Test the adminremark parameter with SQL injection payloads like ' OR '1'='1 in the query-details.php interface

Check Version:

Check application version in admin panel or source code comments

Verify Fix Applied:

Verify that SQL injection payloads no longer execute and return error messages or are properly sanitized

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by access to query-details.php
  • HTTP requests with SQL keywords in adminremark parameter

Network Indicators:

  • POST requests to /hms/admin/query-details.php containing SQL injection patterns

SIEM Query:

source="web_logs" AND uri_path="/hms/admin/query-details.php" AND (param="adminremark" AND value MATCHES "(?i)(union|select|insert|update|delete|drop|or|and|'|--|#)")

📊 Metadata

CVE ID: CVE-2025-5246
CVSS v3 Score: 7.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-74
EPSS Score: 0.06% exploit probability (18.5th percentile)
Published: May 27, 2025
Last Updated: May 28, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-5246, you might also want to check these:

CVE-2026-25520 10.0

SandboxJS versions before 0.8.29 have a critical sandbox escape vulnerability that allows attackers ...

Same vulnerability type (CWE-74)
CVE-2026-25586 10.0

This CVE describes a sandbox escape vulnerability in SandboxJS library versions before 0.8.29. Attac...

Same vulnerability type (CWE-74)
CVE-2025-20281 10.0

An unauthenticated remote code execution vulnerability in Cisco ISE and ISE-PIC API allows attackers...

Same vulnerability type (CWE-74)