A vulnerability, which was classified as critical, was found in projectworlds Online Doctor Appointment Booking System 1.0. This affects an unknown part of the file /patient/getschedule.php. The manipulation of the argument q leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
History

Tue, 15 Apr 2025 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Projectworlds
Projectworlds online Doctor Appointment Booking System Php And Mysql
CPEs cpe:2.3:a:projectworlds:online_doctor_appointment_booking_system_php_and_mysql:1.0:*:*:*:*:*:*:*
Vendors & Products Projectworlds
Projectworlds online Doctor Appointment Booking System Php And Mysql

Mon, 07 Apr 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 03 Apr 2025 21:45:00 +0000

Type Values Removed Values Added
Description A vulnerability, which was classified as critical, was found in projectworlds Online Doctor Appointment Booking System 1.0. This affects an unknown part of the file /patient/getschedule.php. The manipulation of the argument q leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Title projectworlds Online Doctor Appointment Booking System getschedule.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-04-07T16:40:59.348Z

Reserved: 2025-04-03T08:38:50.532Z

Link: CVE-2025-3182

cve-icon Vulnrichment

Updated: 2025-04-07T16:40:48.597Z

cve-icon NVD

Status : Analyzed

Published: 2025-04-03T22:15:21.533

Modified: 2025-04-15T12:36:25.193

Link: CVE-2025-3182

cve-icon Redhat

No data.