CVE-2025-3096: Clinics Patient Management System SQL Injection
9.3
CVSS
Description
Clinic’s Patient Management System versions 2.0 suffers from a SQL injection vulnerability in the login page.
Classification
CVE ID: CVE-2025-3096
CVSS Base Severity: CRITICAL
CVSS Base Score: 9.3
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Problem Types
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')Affected Products
Vendor: SourceCodester
Product: Clinic's Patient Management System
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 11.44% (scored less or equal to compared to others)
EPSS Date: 2025-04-18 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-3096https://www.sourcecodester.com/php-clinics-patient-management-system-source-code
https://www.cve.org/CVERecord?id=CVE-2022-2297