Vulnerabilities

CVE-2025-15450 - sfturing hosp_order orderHos findOrderHosNum sql injection

2026-01-05 0 views admin

CVE ID : CVE-2025-15450 Published : Jan. 5, 2026, 2:15 a.m. | 40 minutes ago Description : A vulnerability was identified in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssm_pro/orderHos/. Such manipulation of the argument hospitalAddress/hospitalName leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-15450

Severity

MEDIUM

Published

Jan. 5, 2026

Impact: sql injection

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-15450medium

CVE-2025-15450 - sfturing hosp_order orderHos findOrderHosNum sql injection

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-69335 - WordPress Team Showcase plugin <= 2.9 - cross site scripting (xss) vulnerability

CVE-2025-69334 - WordPress Wishlist for WooCommerce plugin <= 3.3.0 - cross site scripting (xss)

Essential Guide: CVE-2025-69352 - WordPress The Events Calendar plugin <= 6.15.12.2 - broken access control vulner...

CVE-2025-69354 - WordPress Better Business Reviews plugin <= 0.1.1 - broken access control vulner

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting