


Perceptive Security
SOC/SIEM Consultancy

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month par…
Published:
11 March 2026 at 23:00:00
Alert date:
12 March 2026 at 17:15:30
Source:
nvd.nist.gov
Web Technologies, Database & Storage
CVE-2019-25473 is a SQL injection vulnerability in Clinic Pro that affects the monthly_expense_overview endpoint. Authenticated attackers can manipulate database queries by injecting malicious SQL code through the month parameter. The vulnerability allows for multiple exploitation techniques including boolean-based blind, time-based blind, and error-based SQL injection. Successful exploitation can lead to extraction of sensitive database information. The vulnerability requires authentication but provides significant access to backend database contents once exploited.
Affected products:
Clinic Pro
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2019-25473
https://www.exploit-db.com/exploits/46642
https://www.vulncheck.com/advisories/clinic-pro-sql-injection-via-monthly-expense-overview-month-parameter
This article was created with the assistance of AI technology by Perceptive.
