MidnightBSD

Advisories for rickxy

CVE-2025-63497

The patient prescription viewing functionality in his_doc_view_single_patient.php of rickxy Hospital Management System version 1.0 contains an SQL injection vulnerability. The pat_number GET parameter is directly concatenated into SQL queries without proper sanitization, allowing authenticated attackers (doctor role) to execute arbitrary SQL queries.

Products Affected

Vendor Product Version
rickxy hospital_management_system 1.0