CVE-2025-6407 PUBLISHED

A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. This affects an unknown part of the file /user-login.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

• asants (VulDB User) reporter

• VDB-313401 | Campcodes Online Hospital Management System user-login.php sql injection
• VDB-313401 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #598205 | Campcodes Online Hospital Management System V1.0 SQL Injection
• https://github.com/ASantsSec/CVE/issues/12
• https://www.campcodes.com/

• SQL Injection CWE
• Injection CWE