CVE-2025-15450 | sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8 /ssm_pro/orderHos/ findOrderHosNum hospitalAddress/hospitalName sql injection (Issue 111)

A vulnerability labeled as critical has been found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssm_pro/orderHos/. Such manipulation of the argument hospitalAddress/hospitalName leads to sql injection.

This vulnerability is uniquely identified as CVE-2025-15450. The attack can be launched remotely. Moreover, an exploit is present.

This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15450 | sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8 /ssm_pro/orderHos/ findOrderHosNum hospitalAddress/hospitalName sql injection (Issue 111)

Post correlati

CVE-2024-54143 | OpenWrt asu Firmware Image weak hash (920c8a1)

CVE-2025-0304 | OpenHarmony up to 4.1.2 use after free

CVE-2024-36047 | Infoblox NIOS up to 8.6.4/9.0.3 input validation

CVE-2025-38745 | Dell OpenManage Enterprise up to 4.2 Backup log file (dsa-2025-314)