CVE-2025-5716

7.3 HIGH

📋 TL;DR

This critical SQL injection vulnerability in SourceCodester Open Source Clinic Management System 1.0 allows attackers to manipulate database queries via the email parameter in /login.php. Attackers can remotely execute arbitrary SQL commands, potentially compromising the entire database. All users running version 1.0 are affected.

💻 Affected Systems

Products:
  • SourceCodester Open Source Clinic Management System
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of version 1.0 are vulnerable by default. No special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data manipulation, authentication bypass, and potential remote code execution via database functions.

🟠 Likely Case

Unauthorized access to sensitive patient records, appointment data, and administrative credentials stored in the database.

🟢 If Mitigated

Limited impact with proper input validation and database permissions, potentially only error messages or partial data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub. The SQL injection via the login page requires no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.sourcecodester.com/

Restart Required: No

Instructions:

No official patch available. Check vendor website for updates. Consider migrating to alternative software.

🔧 Temporary Workarounds

Input Validation Filter (all)

  • Add server-side input validation to sanitize the email parameter before it reaches SQL processing
  • Implement parameterized queries or prepared statements in login.php

Web Application Firewall (all)

  • Deploy a WAF with SQL injection rules to block malicious requests
  • Configure the WAF to block SQL injection patterns targeting /login.php

🧯 If You Can't Patch

  • Isolate the system behind a reverse proxy with strict input validation
  • Implement network segmentation to limit database access from web server

🔍 How to Verify

Check if Vulnerable:

Test /login.php endpoint with SQL injection payloads in email parameter (e.g., ' OR '1'='1)

Check Version:

Check system version in admin panel or readme files

Verify Fix Applied:

Verify that login.php uses parameterized queries and that SQL injection attempts are rejected with proper error handling instead of altering the query

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL syntax in email parameter logs
  • Multiple failed login attempts with SQL patterns
  • Database error messages in web logs

Network Indicators:

  • HTTP POST requests to /login.php containing SQL keywords in email parameter
  • Unusual database connection patterns from web server

SIEM Query:

source="web_logs" AND uri="/login.php" AND (email="*OR*" OR email="*UNION*" OR email="*SELECT*" OR email="*--*")
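As an added example (not part of this advisory), the Python below applies the idea behind the SIEM query to constructed log lines in a hypothetical "METHOD URI BODY" format, URL-decodes the email parameter, and compares the query's bare keyword substring rule with a tighter whole-word-plus-metacharacter rule. The bare rule also flags a legitimate address such as mentor@example.com, so tuning matters before alerting on it.

```python
import re
from urllib.parse import parse_qs

# Constructed sample log lines in a hypothetical "METHOD URI BODY" format;
# bodies are URL-encoded form data as a browser would send them.
SAMPLE_LOGS = [
    "POST /login.php email=alice%40example.com&password=x",
    "POST /login.php email=%27+OR+%271%27%3D%271&password=x",
    "POST /login.php email=mentor%40example.com&password=x",
    "POST /index.php email=%27+OR+%271%27%3D%271",
    "POST /login.php email=bob%40example.com%27--&password=x",
]

# Rule 1 mirrors the SIEM query: bare, case-insensitive substring match,
# so any address containing "or" (mentor@...) is flagged as well.
NAIVE_RULE = re.compile(r"OR|UNION|SELECT|--", re.IGNORECASE)

# Rule 2: SQL keywords only as whole words, plus the quote and comment
# metacharacters an injection into a string literal needs.
STRICT_RULE = re.compile(r"\b(?:or|and|union|select)\b|['\";]|--|/\*", re.IGNORECASE)


def parse_login_email(line):
    """Return the decoded email parameter of a POST to /login.php, else None."""
    method, uri, body = line.split(" ", 2)
    if method != "POST" or uri != "/login.php":
        return None
    return parse_qs(body).get("email", [None])[0]


def flag(lines, rule):
    """Return the decoded email values that match the given rule."""
    hits = []
    for line in lines:
        email = parse_login_email(line)
        if email is not None and rule.search(email):
            hits.append(email)
    return hits


if __name__ == "__main__":
    print("naive :", flag(SAMPLE_LOGS, NAIVE_RULE))
    print("strict:", flag(SAMPLE_LOGS, STRICT_RULE))
```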
