← voltar
CVE-2025-6768

sfturing hosp_order HospitalServiceImpl.java findAllHosByCondition sql injection

CVSS 5.3 MEDIUMEPSS 0.2%CWE-74CWE-89
A vulnerability classified as critical has been found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected is the function findAllHosByCondition of the file HospitalServiceImpl.java. The manipulation of the argument hospitalName leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Produtos afetados
sfturing · hosp_order

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/sfturing/hosp_order/issues/110https://vuldb.com/?ctiid.314082https://vuldb.com/?id.314082https://vuldb.com/?submit.601081