EUVD-2025-21246CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4Description
A vulnerability classified as critical has been found in code-projects Online Appointment Booking System 1.0. This affects an unknown part of the file /ulocateus.php. The manipulation of the argument doctorname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Analysis
CVE-2025-7515 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, specifically in the /ulocateus.php file where the 'doctorname' parameter is insufficiently sanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of database contents. The vulnerability has been publicly disclosed with proof-of-concept code available, increasing real-world exploitation risk.
Technical Context
The vulnerability exists in a PHP-based web application (code-projects Online Appointment Booking System 1.0) that likely uses a MySQL or similar relational database backend. The root cause is CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component - 'Injection'), manifesting as SQL injection. The /ulocateus.php endpoint accepts user-supplied input via the 'doctorname' parameter without proper parameterized queries, prepared statements, or input validation/sanitization. This allows attackers to inject SQL metacharacters and malicious SQL commands into database queries. The affected CPE would be: cpe:2.3:a:code-projects:online_appointment_booking_system:1.0:*:*:*:*:*:*:*
Affected Products
[{'vendor': 'code-projects', 'product': 'Online Appointment Booking System', 'affected_versions': ['1.0'], 'vulnerable_component': '/ulocateus.php (doctorname parameter)', 'cpe': 'cpe:2.3:a:code-projects:online_appointment_booking_system:1.0:*:*:*:*:*:*:*'}]
Remediation
[{'type': 'Patching', 'description': 'Upgrade to a patched version >1.0 if available from code-projects. No specific patch version identified in available intelligence; contact vendor directly or monitor security advisories.'}, {'type': 'Immediate Mitigation (if patching unavailable)', 'steps': ["Implement Web Application Firewall (WAF) rules to block SQL injection patterns in the 'doctorname' parameter (e.g., detect single quotes, SQL keywords like UNION, SELECT, DROP)", 'Disable or restrict access to /ulocateus.php if not critical to operations', 'Implement rate limiting and IP-based access controls to the vulnerable endpoint']}, {'type': 'Code-Level Fix (if in-house deployment)', 'steps': ['Replace all string concatenation in SQL queries with parameterized prepared statements (e.g., mysqli_prepare() or PDO prepared statements in PHP)', "Implement input validation: whitelist allowed characters for 'doctorname' (alphanumeric, spaces, hyphens only)", 'Apply output encoding for any database results displayed to users', 'Conduct full code review of /ulocateus.php and related database interaction code']}, {'type': 'Detection', 'steps': ['Monitor database query logs for unusual SQL patterns or errors originating from /ulocateus.php', 'Enable SQL error logging and alerting', "Review web server access logs for suspicious characters in 'doctorname' parameter (encoded quotes, SQL keywords)"]}]
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today