PT-2025-29968 · Unknown · Online Appointment Booking System

Zzb1

Published

2025-07-17

Updated

2025-07-17

CVE-2025-7753

CVSS v3.1

9.8

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

Online Appointment Booking System version 1.0

Description:

A critical issue exists in the Online Appointment Booking System. The vulnerability is due to SQL injection in the `/admin/adddoctor.php` file. The `Username` parameter is susceptible to manipulation, allowing for remote exploitation. The exploit has been publicly disclosed.

Recommendations:

Online Appointment Booking System version 1.0: Sanitize the `Username` parameter to prevent SQL injection attacks.

Exploit

Fix

SQL injection

Special Elements Injection

Weakness Enumeration

CWE-89CWE-74

Related Identifiers

CVE-2025-7753

Affected Products

Online Appointment Booking System

PT-2025-29968 · Unknown · Online Appointment Booking System

Weakness Enumeration

Related Identifiers

Affected Products

References · 8