CVE-2025-7540

Name of the Vulnerable Software and Affected Versions: code-projects Online Appointment Booking System version 1.0

Description: A critical vulnerability exists in code-projects Online Appointment Booking System 1.0. The issue involves a SQL injection vulnerability in an unknown function within the /getclinic.php file. Manipulation of the townid parameter allows for remote exploitation. The exploit has been publicly disclosed. Other parameters may also be affected.

Recommendations: As a temporary workaround, consider restricting access to the /getclinic.php file until a fix is available. Sanitize the townid parameter to prevent SQL injection attacks. Review and sanitize all other parameters used in the application to identify and address potential SQL injection vulnerabilities. At the moment, there is no information about a newer version that contains a fix for this vulnerability.