CVE-2025-10620 MEDIUM

CVE-2025-10620: itsourcecode Online Clinic Management System editp2.php sql injection

Vendor Itsourcecode

Product Online Clinic Management System

Weakness CWE-89 · SQLi

Published September 17, 2025

Last update September 18, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A flaw has been found in itsourcecode Online Clinic Management System 1.0. This vulnerability affects unknown code of the file /editp2.php. Executing manipulation of the argument id/firstname/lastname/type/age/address can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.

Key dates

02Disclosure timeline

September 17, 2025 CVE published

September 18, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-10620 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2026-2893 Page and Post Clone <= 6.3 - Authenticated (Contributor+) SQL Injection via 'meta_key' Parameter CVE-2025-49452 WordPress PostaPanduri plugin <= 2.1.3 - SQL Injection Vulnerability CVE-2023-2149 Campcodes Online Thesis Archiving System manage_user.php sql injection CVE-2024-7198 SourceCodester Complaints Report Management System manage_station.php sql injection CVE-2025-32429 XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter