{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T20:27:11.153","vulnerabilities":[{"cve":{"id":"CVE-2025-57254","sourceIdentifier":"cve@mitre.org","published":"2025-09-30T18:15:51.093","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An SQL injection vulnerability in user-login.php and index.php of Karthikg1908 Hospital Management System (HMS) 1.0 allows remote attackers to execute arbitrary SQL queries via the username and password POST parameters. The application fails to properly sanitize input before embedding it into SQL queries, leading to unauthorized access or potential data breaches. This can result in privilege escalation, account takeover, or exposure of sensitive medical data."},{"lang":"es","value":"Una vulnerabilidad de inyección SQL en user-login.PHP y index.PHP de Karthikg1908 Hospital Management System (HMS) 1.0 permite a atacantes remotos ejecutar consultas SQL arbitrarias a través de los parámetros POST de nombre de usuario y contraseña. La aplicación no logra sanear adecuadamente la entrada antes de incrustarla en consultas SQL, lo que lleva a acceso no autorizado o posibles filtraciones de datos. Esto puede resultar en escalada de privilegios, toma de control de cuentas o exposición de datos médicos sensibles."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/Karthikg1908/Hospital-Management-System","source":"cve@mitre.org"},{"url":"https://github.com/ischyr/research-and-development/tree/main/CVE-2025-57254","source":"cve@mitre.org"}]}}]}