Bit0010

**Name of the Vulnerable Software and Affected Versions:** code-projects Online Appointment Booking System version 1.0 **Description:** A critical issue has been identified in the processing of the `/getdoctordaybooking.php` file. Manipulation of the `cid` argument can lead to SQL injection. This attack can be initiated remotely. The exploit has been publicly disclosed. **Recommendations:** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** code-projects Online Appointment Booking System version 1.0 **Description:** A critical vulnerability exists in code-projects Online Appointment Booking System 1.0. The issue involves a SQL injection vulnerability in an unknown function within the `/getclinic.php` file. Manipulation of the `townid` parameter allows for remote exploitation. The exploit has been publicly disclosed. Other parameters may also be affected. **Recommendations:** As a temporary workaround, consider restricting access to the `/getclinic.php` file until a fix is available. Sanitize the `townid` parameter to prevent SQL injection attacks. Review and sanitize all other parameters used in the application to identify and address potential SQL injection vulnerabilities. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

### Name of the Vulnerable Software and Affected Versions: code-projects Online Appointment Booking System version 1.0 ### Description: A critical issue exists in code-projects Online Appointment Booking System. The vulnerability is located in the `/get town.php` file and involves SQL injection through manipulation of the `countryid` argument. This allows for remote attacks. The exploit for this issue has been publicly disclosed. Other parameters may also be affected. ### Recommendations: As a temporary workaround, consider restricting access to the `/get town.php` file until a fix is available. Sanitize the `countryid` parameter to prevent SQL injection attacks.