CVE-2025-7539— code-projects Online Appointment Booking System getdoctordaybooking.php sql injection

code-projects Online Appointment Booking System getdoctordaybooking.php sql injection

A vulnerability, which was classified as critical, has been found in code-projects Online Appointment Booking System 1.0. This issue affects some unknown processing of the file /getdoctordaybooking.php. The manipulation of the argument cid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Code-Projects Online Book Shop 注入漏洞

Code-Projects Online Book Shop是Code-Projects开源的一个在线书店。 Code-Projects Online Book Shop 1.0版本存在注入漏洞，该漏洞源于对文件/getdoctordaybooking.php中参数cid的错误操作导致SQL注入。

N/A

N/A