PT-2025-29386 · Code Projects · Online Appointment Booking System
Bit0010 · Published 2025-07-13 · Updated 2025-07-14 · CVE-2025-7541
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
code-projects Online Appointment Booking System version 1.0
Description:
A critical issue exists in code-projects Online Appointment Booking System. The vulnerability is located in the /get town.php file and involves SQL injection through manipulation of the countryid argument. This allows for remote attacks. The exploit for this issue has been publicly disclosed. Other parameters may also be affected.
Recommendations:
As a temporary workaround, consider restricting access to the /get town.php file until a fix is available.
Sanitize the countryid parameter to prevent SQL injection attacks.
Exploit
Fix
Special Elements Injection
SQL injection
Related Identifiers
Affected Products
Online Appointment Booking System
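
One way to apply the countryid recommendation above, as an added example that is not code from the affected project: the value is accepted only as a positive integer and is then bound as a typed parameter instead of being concatenated into the query. The `town` table, its columns, the function names and the in-memory SQLite database are assumptions made so the example runs offline; the application's real schema is not shown in this entry.

```php
<?php
declare(strict_types=1);

// Constructed stand-in database (in-memory SQLite) so the example runs offline.
// Table and column names are assumptions, not the application's real schema.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE town (id INTEGER PRIMARY KEY, country_id INTEGER, name TEXT)');
    $pdo->exec("INSERT INTO town (country_id, name) VALUES (1, 'Alpha'), (1, 'Beta'), (2, 'Gamma')");
    return $pdo;
}

// Accept countryid only if it is a positive integer; anything else is
// rejected before it reaches the database layer.
function parse_country_id(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // arrays (countryid[]=...) and missing values
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// The value is bound as an integer parameter, never placed in the SQL text.
function towns_for_country(PDO $pdo, int $countryId): array
{
    $stmt = $pdo->prepare('SELECT name FROM town WHERE country_id = :cid ORDER BY name');
    $stmt->bindValue(':cid', $countryId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = demo_db();
// Constructed inputs: one well-formed value and three malformed ones.
foreach (['1', '1 OR 1=1', "1'", ['1']] as $raw) {
    $id = parse_country_id($raw);
    if ($id === null) {
        echo json_encode($raw), " -> rejected (would return HTTP 400)\n";
        continue;
    }
    echo json_encode($raw), ' -> ', json_encode(towns_for_country($pdo, $id)), "\n";
}
```

Because the entry notes that other parameters may also be affected, the same validate-then-bind pattern would need to be applied to every request value that reaches a query, not only countryid.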