A vulnerability was found in Campcodes Online Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /doctor/add-patient.php. The manipulation of the argument patname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-5364 is a SQL Injection vulnerability identified in version 1.0 of the Campcodes Online Hospital Management System, specifically within the /doctor/add-patient.php file. The vulnerability arises from improper sanitization or validation of the 'patname' parameter, which is used in SQL queries. An attacker can remotely manipulate this parameter to inject malicious SQL code, potentially altering the intended database queries. This can lead to unauthorized access, data leakage, or modification of sensitive patient and hospital data. The vulnerability requires no authentication or user interaction, making it exploitable by any remote attacker with network access to the affected system. Although the CVSS 4.0 score is 6.9 (medium severity), the impact on confidentiality, integrity, and availability is significant due to the sensitive nature of healthcare data. The vulnerability does not require privileges or user interaction, and the attack vector is network-based, increasing the risk of exploitation. No public exploits are currently known in the wild, but the exploit details have been disclosed publicly, increasing the likelihood of future attacks. The lack of available patches or vendor advisories at this time means affected organizations must rely on mitigation strategies until an official fix is released.

CVE Database V5

Detailed information about CVE-2025-5364: SQL Injection in Campcodes Online Hospital Management System affecting Campcodes Online Hospital Management System. Ge

CVE-2025-5364: SQL Injection in Campcodes Online Hospital Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-5364: SQL Injection in Campcodes Online Hospital Management System

The threat titled "Azure Arc - C2aaS" refers to a potential Command and Control as a Service (C2aaS) leveraging Microsoft's Azure Arc platform. Azure Arc is a hybrid and multi-cloud management solution that enables organizations to manage and govern resources across on-premises, multi-cloud, and edge environments from a single control plane. The mention of C2aaS in conjunction with Azure Arc suggests that threat actors may be exploiting or planning to exploit Azure Arc's capabilities to establish persistent, stealthy command and control infrastructures. Such abuse could allow attackers to remotely control compromised systems, exfiltrate data, or move laterally across networks under the guise of legitimate Azure Arc management traffic. However, the provided information lacks technical specifics such as vulnerability details, attack vectors, or exploitation methods. There are no affected versions listed, no patches or mitigation advisories, and no known exploits in the wild. The source is a minimal discussion on Reddit's NetSec subreddit with a low engagement score, and a blog.zsec.uk domain is referenced without detailed content. Given the medium severity rating and the nature of Azure Arc as a critical hybrid cloud management tool, the threat likely involves misuse or abuse of legitimate Azure Arc features rather than a direct vulnerability. This could imply risks related to misconfiguration, credential compromise, or supply chain attacks leveraging Azure Arc's management capabilities to facilitate C2 operations.

Reddit NetSec

Detailed information about Azure Arc - C2aaS. Get real-time updates, technical details, and mitigation strategies.

Azure Arc - C2aaS - Live Threat Intelligence - Threat Radar | OffSeq.com

Azure Arc - C2aaS

A vulnerability has been found in Campcodes Online Hospital Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /doctor/index.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-5363 is a critical SQL Injection vulnerability identified in version 1.0 of the Campcodes Online Hospital Management System, specifically within the /doctor/index.php file. The vulnerability arises due to improper sanitization or validation of the 'Username' parameter, which an attacker can manipulate to inject malicious SQL code. This injection flaw allows remote attackers to execute arbitrary SQL queries on the backend database without requiring authentication or user interaction. The vulnerability is exploitable over the network (AV:N), with low attack complexity (AC:L), and no privileges or user interaction needed (PR:N, UI:N). The impact on confidentiality, integrity, and availability is limited (VC:L, VI:L, VA:L), indicating that while the attacker can potentially access or modify some data, the scope and severity of damage are somewhat contained. The vulnerability affects only version 1.0 of the product, and no patches or fixes have been publicly disclosed yet. Although no known exploits are currently observed in the wild, the public disclosure of the exploit code increases the risk of exploitation. The vulnerability's CVSS 4.0 base score is 6.9, categorized as medium severity, reflecting the balance between ease of exploitation and limited impact scope. Given that this is a hospital management system, the potential for exposure of sensitive patient data or disruption of healthcare services is significant if exploited. The SQL injection could lead to unauthorized data access, data modification, or even denial of service if the database is corrupted or locked. The lack of authentication requirement and remote exploitability make this vulnerability particularly dangerous in environments where the affected system is accessible from untrusted networks.

Detailed information about CVE-2025-5363: SQL Injection in Campcodes Online Hospital Management System affecting Campcodes Online Hospital Management System. Ge

CVE-2025-5363: SQL Injection in Campcodes Online Hospital Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-5363: SQL Injection in Campcodes Online Hospital Management System

A Pakistan-linked APT group, Transparent Tribe (APT36), is targeting Indian Government and Defense personnel using 'Pahalgam Terror Attack' themed documents. The campaign involves credential phishing and deployment of malicious payloads, with fake domains impersonating Jammu & Kashmir Police and Indian Air Force. The phishing PDF documents contain embedded links leading to fake login pages. A PowerPoint add-on file with malicious macros has been identified, which drops the Crimson RAT payload. The campaign exploits sensitive geopolitical issues to maximize impact and extract intelligence. Multiple phishing domains were created shortly after the attack, impersonating various Indian government entities. The potential impact includes disruption of sensitive operations, information manipulation, and data breaches.

The threat involves a targeted cyber espionage campaign conducted by the Pakistan-linked Advanced Persistent Threat group APT36, also known as Transparent Tribe. This campaign specifically targets Indian government and defense personnel by leveraging geopolitical tensions surrounding the Pahalgam terror attack. The attackers use social engineering techniques, primarily credential phishing, to lure victims. They distribute phishing emails containing PDF documents themed around the Pahalgam terror attack, which embed links to fake login pages impersonating official Indian government entities such as Jammu & Kashmir Police and the Indian Air Force. Additionally, a malicious PowerPoint add-on file with embedded macros has been identified, which, when executed, drops the Crimson Remote Access Trojan (RAT) payload onto the victim's system. Crimson RAT is known for its capabilities to exfiltrate sensitive data, maintain persistence, and enable remote control of compromised systems. The campaign employs multiple fake domains closely mimicking legitimate Indian government domains to increase the likelihood of successful credential harvesting and malware deployment. The attack chain exploits user interaction (opening documents and enabling macros) and does not require prior authentication to initiate the compromise. The campaign's objectives appear to be intelligence gathering, disruption of sensitive government operations, and potential manipulation or theft of critical data. Although no known exploits are reported in the wild for this campaign, the use of social engineering combined with sophisticated malware makes it a significant threat to targeted entities.

AlienVault OTX General

Detailed information about Advisory: Pahalgam Attack themed decoys used by APT36 to target the Indian Government. Get real-time updates, technical details, and 

Advisory: Pahalgam Attack themed decoys used by APT36 to target the Indian Government - Live Threat Intelligence - Threat Radar | OffSeq.com

Advisory: Pahalgam Attack themed decoys used by APT36 to target the Indian Government

A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. Affected is an unknown function of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-5362 is a critical SQL Injection vulnerability identified in version 1.0 of the Campcodes Online Hospital Management System, specifically within an unspecified function in the /admin/doctor-specilization.php file. The vulnerability arises from improper sanitization or validation of the 'doctorspecilization' parameter, which allows an attacker to inject malicious SQL queries remotely without requiring authentication or user interaction. Exploiting this flaw could enable an attacker to manipulate the backend database, potentially leading to unauthorized data access, data modification, or deletion. The vulnerability has a CVSS 4.0 base score of 6.9, categorized as medium severity, reflecting the ease of remote exploitation (attack vector: network, no privileges or user interaction needed) but limited impact on confidentiality, integrity, and availability (each rated low to low-medium impact). Although no known exploits are currently reported in the wild, the public disclosure of the vulnerability increases the risk of exploitation attempts. The affected system is a hospital management platform, which typically manages sensitive patient records, appointment schedules, and medical staff information, making the confidentiality and integrity of data critical. The vulnerability's presence in an administrative module further raises the risk of elevated impact if exploited, as administrative interfaces often have broader database access. No official patches or mitigation links have been provided yet, which necessitates immediate attention from users of this software to prevent potential exploitation.

Detailed information about CVE-2025-5362: SQL Injection in Campcodes Online Hospital Management System affecting Campcodes Online Hospital Management System. Ge

CVE-2025-5362: SQL Injection in Campcodes Online Hospital Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-5362: SQL Injection in Campcodes Online Hospital Management System

Chinese-speaking threat actors, dubbed UAT-6382, have been exploiting a remote-code-execution vulnerability (CVE-2025-0994) in Cityworks, a popular asset management system. The attacks, which began in January 2025, target local governing bodies in the United States, focusing on utilities management systems. The threat actors deploy various web shells, including AntSword and Chopper, and use custom Rust-based loaders called TetraLoader to deliver Cobalt Strike beacons and VSHell malware. The attackers conduct reconnaissance, enumerate directories, and stage files for exfiltration. Their tooling and tactics indicate a high level of proficiency in the Chinese language, suggesting a Chinese origin for the threat group.

The threat involves exploitation of a zero-day remote code execution (RCE) vulnerability identified as CVE-2025-0944 in Cityworks, a widely used asset management system primarily deployed by local government entities for utilities and infrastructure management. Discovered in early 2025, the vulnerability allows attackers to execute arbitrary code remotely, enabling full system compromise. The threat actors, designated UAT-6382 and characterized by their Chinese language proficiency, have been observed targeting U.S. local government utilities since January 2025. Their attack methodology includes deploying web shells such as AntSword and China Chopper, which facilitate persistent remote access and control. Additionally, they utilize a custom Rust-based loader named TetraLoader to deliver advanced payloads including Cobalt Strike beacons—commonly used for command and control—and VSHell malware, which supports reconnaissance and lateral movement within compromised networks. The attackers perform detailed reconnaissance activities such as directory enumeration and file staging to prepare for data exfiltration. The sophistication of their tooling and operational security indicates a well-resourced and skilled adversary. Despite the severity of the vulnerability, no public patches or mitigations have been released at the time of reporting, and no widespread exploitation beyond the observed incidents has been confirmed. Indicators of compromise include specific IP addresses, file hashes, and domains associated with the malware infrastructure, which can aid in detection and response efforts.

Detailed information about Exploits Cityworks zero-day vulnerability to deliver malware. Get real-time updates, technical details, and mitigation strategies.

Threat Not Found