CVE-2025-8928

A vulnerability was identified in code-projects Medical Store Management System 1.0. This affects an unknown part of the file UpdateMedicines.java of the component Update Medicines Page. The manipulation of the argument productNameTxt leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Published: Aug 14, 2025
Updated: Aug 15, 2025
CVE: CVE-2025-8928
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-74
CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
fabian / medical_store_management_system	1.0	1.0.x

https://code-projects.org/
https://vuldb.com/?ctiid.319887
https://vuldb.com/?id.319887
https://vuldb.com/?submit.631661
https://www.yuque.com/gongzi-jsnek/xb2q3a/ktz2n3ywyt85zct3?singleDoc
https://www.yuque.com/gongzi-jsnek/xb2q3a/ktz2n3ywyt85zct3#vulnerability-details-and-poc

Vulnerability Database

CVE-2025-8928

Deep Security Visibility Without the Complexity