CVE-2025-8930

A vulnerability was found in code-projects Medical Store Management System 1.0. This issue affects some unknown processing of the file UpdateCompany.java of the component Update Company Page. The manipulation of the argument companyNameTxt leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Published: Aug 14, 2025
Updated: Aug 15, 2025
CVE: CVE-2025-8930
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-74
CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
fabian / medical_store_management_system	1.0	1.0.x

https://code-projects.org/
https://vuldb.com/?ctiid.319889
https://vuldb.com/?id.319889
https://vuldb.com/?submit.631663
https://www.yuque.com/gongzi-jsnek/xb2q3a/uv3gmxc8tpmbg4vw?singleDoc
https://www.yuque.com/gongzi-jsnek/xb2q3a/uv3gmxc8tpmbg4vw#vulnerability-details-and-poc

Vulnerability Database

CVE-2025-8930

Deep Security Visibility Without the Complexity