PT-2025-14630 · Unknown · Projectworlds Online Doctor Appointment Booking System

Pkey

Publicado

2025-04-03

Atualizado

2025-04-04

CVE-2025-3178

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions projectworlds Online Doctor Appointment Booking System version 1.0

Description A critical issue affects the processing of the file /doctor/deleteappointment.php, where the manipulation of the ID argument leads to sql injection. This issue can be exploited remotely.

Recommendations For projectworlds Online Doctor Appointment Booking System version 1.0, consider restricting access to the /doctor/deleteappointment.php file until a patch is available. As a temporary workaround, avoid using the ID argument in the deleteappointment.php file to minimize the risk of exploitation.

Exploit

Correção

Special Elements Injection

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-89

Identificadores relacionados

CVE-2025-3178

Produtos afetados

Projectworlds Online Doctor Appointment Booking System

PT-2025-14630 · Unknown · Projectworlds Online Doctor Appointment Booking System

CVE-2025-3178

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11