CVE-2025-8931

A vulnerability was determined in code-projects Medical Store Management System 1.0. Affected is an unknown function of the file ChangePassword.java. The manipulation of the argument newPassTxt leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Published: Aug 14, 2025
Updated: Aug 15, 2025
CVE: CVE-2025-8931
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-74
CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
fabian / medical_store_management_system	1.0	1.0.x

https://code-projects.org/
https://vuldb.com/?ctiid.319890
https://vuldb.com/?id.319890
https://vuldb.com/?submit.631664
https://www.yuque.com/gongzi-jsnek/xb2q3a/tdgsgs7k1wrhc20v?singleDoc
https://www.yuque.com/gongzi-jsnek/xb2q3a/tdgsgs7k1wrhc20v#vulnerability-details-and-poc

Vulnerability Database

CVE-2025-8931

Deep Security Visibility Without the Complexity