Online Appointment Booking System
Monthly
CVE-2025-7587 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, affecting the /cover.php endpoint where uname and psw parameters are not properly sanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to data exfiltration, authentication bypass, and database manipulation. The vulnerability has been publicly disclosed with working exploits available, making active exploitation highly probable in the wild.
CVE-2025-7541 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, affecting the /get_town.php endpoint where the 'countryid' parameter is inadequately sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of the appointment booking system database. The vulnerability has been publicly disclosed with proof-of-concept code available, significantly increasing real-world exploitation risk.
CVE-2025-7540 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System 1.0 affecting the /getclinic.php file's townid parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially compromising confidentiality, integrity, and availability of the database. The vulnerability has been publicly disclosed with exploit code available, creating immediate operational risk for deployed instances.
CVE-2025-7539 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, specifically in the /getdoctordaybooking.php file via the 'cid' parameter. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of database records. Exploitation has been publicly disclosed with proof-of-concept availability, and the vulnerability may be actively exploited in the wild.
CVE-2025-7517 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, specifically in the /getDay.php file's cidval parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, and exploitation requires no special privileges or user interaction, making it an immediate threat to deployed instances.
CVE-2025-7516 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, affecting the /cancelbookingpatient.php endpoint via the 'appointment' parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of appointment records and sensitive patient information. Public disclosure and proof-of-concept availability indicate active exploitation risk.
CVE-2025-7515 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, specifically in the /ulocateus.php file where the 'doctorname' parameter is insufficiently sanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of database contents. The vulnerability has been publicly disclosed with proof-of-concept code available, increasing real-world exploitation risk.
CVE-2025-7587 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, affecting the /cover.php endpoint where uname and psw parameters are not properly sanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to data exfiltration, authentication bypass, and database manipulation. The vulnerability has been publicly disclosed with working exploits available, making active exploitation highly probable in the wild.
CVE-2025-7541 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, affecting the /get_town.php endpoint where the 'countryid' parameter is inadequately sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of the appointment booking system database. The vulnerability has been publicly disclosed with proof-of-concept code available, significantly increasing real-world exploitation risk.
CVE-2025-7540 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System 1.0 affecting the /getclinic.php file's townid parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially compromising confidentiality, integrity, and availability of the database. The vulnerability has been publicly disclosed with exploit code available, creating immediate operational risk for deployed instances.
CVE-2025-7539 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, specifically in the /getdoctordaybooking.php file via the 'cid' parameter. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of database records. Exploitation has been publicly disclosed with proof-of-concept availability, and the vulnerability may be actively exploited in the wild.
CVE-2025-7517 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, specifically in the /getDay.php file's cidval parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, and exploitation requires no special privileges or user interaction, making it an immediate threat to deployed instances.
CVE-2025-7516 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, affecting the /cancelbookingpatient.php endpoint via the 'appointment' parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of appointment records and sensitive patient information. Public disclosure and proof-of-concept availability indicate active exploitation risk.
CVE-2025-7515 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, specifically in the /ulocateus.php file where the 'doctorname' parameter is insufficiently sanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of database contents. The vulnerability has been publicly disclosed with proof-of-concept code available, increasing real-world exploitation risk.