CVE-2025-3173

Name of the Vulnerable Software and Affected Versions Project Worlds Online Lawyer Management System version 1.0

Description A critical vulnerability was found in the Project Worlds Online Lawyer Management System. The issue affects an unknown function of the file /save booking.php. The manipulation of the lawyer id and description arguments leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Project Worlds Online Lawyer Management System version 1.0, consider disabling the /save booking.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the lawyer id and description arguments in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.