7.1
Clinic Pro Lets Authorized Users Access Sensitive Data
CVE-2019-25473
Summary
Clinic Pro has a SQL injection flaw that lets authenticated users read sensitive information by manipulating database queries. Update Clinic Pro to fix this vulnerability and prevent unauthorized access to sensitive information.
Original title
Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST reque...
Original description
Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthly_expense_overview endpoint with crafted month values using boolean-based blind, time-based blind, or error-based SQL injection techniques to extract sensitive database information.
nvd CVSS3.1
7.1
nvd CVSS4.0
7.1
Vulnerability type
CWE-89
SQL Injection
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026
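The description above points at two defensive controls for the month parameter: allow-list validation with a bound query parameter, and flagging requests whose month value is malformed. The following is an added example, not Clinic Pro's code; the `YYYY-MM` format, the table layout, the log entry shape and the request path are assumptions made for illustration.

```python
import re
import sqlite3

# Assumption: month arrives as "YYYY-MM"; the page does not give the real format.
MONTH_RE = re.compile(r"(?:19|20)[0-9]{2}-(?:0[1-9]|1[0-2])")

def parse_month(raw):
    """Return raw if it is exactly YYYY-MM, otherwise None (allow-list check)."""
    if isinstance(raw, str) and MONTH_RE.fullmatch(raw):
        return raw
    return None

def build_demo_db():
    """Constructed in-memory table standing in for the application's expense data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE expenses (id INTEGER PRIMARY KEY, item TEXT,"
                 " amount REAL, spent_on TEXT)")
    conn.executemany(
        "INSERT INTO expenses (item, amount, spent_on) VALUES (?, ?, ?)",
        [("gloves", 40.0, "2019-07-03"), ("syringes", 25.5, "2019-07-19"),
         ("rent", 900.0, "2019-08-01")])
    return conn

def monthly_expense_overview(conn, raw_month):
    """Hardened handler: reject malformed input, then bind the value with '?'."""
    month = parse_month(raw_month)
    if month is None:
        return {"status": 400, "rows": []}
    rows = conn.execute(
        "SELECT item, amount FROM expenses"
        " WHERE strftime('%Y-%m', spent_on) = ? ORDER BY id", (month,)).fetchall()
    return {"status": 200, "rows": rows}

# Constructed request-log entries (parsed POST bodies); the path is a placeholder.
SAMPLE_LOG = [
    {"id": 1, "path": "/monthly_expense_overview", "month": "2019-07"},
    {"id": 2, "path": "/monthly_expense_overview", "month": "2019-07' OR '1'='1"},
    {"id": 3, "path": "/dashboard", "month": None},
]

def flag_requests(entries):
    """Detection: ids of endpoint hits whose month fails the allow-list."""
    return [e["id"] for e in entries
            if e["path"].endswith("monthly_expense_overview")
            and parse_month(e.get("month")) is None]

if __name__ == "__main__":
    db = build_demo_db()
    print(monthly_expense_overview(db, "2019-07"))
    print(flag_requests(SAMPLE_LOG))
```

The same allow-list serves both controls, so a value that the handler would reject is also the value that the log review surfaces.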