CVE-2025-14939

MEDIUM

Anisha Online Appointment Booking System - Injection

Title source: rule

Description

A vulnerability was found in code-projects Online Appointment Booking System 1.0. Impacted is an unknown function of the file /admin/deletemanager.php. The manipulation of the argument managername results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.

References (5)

[Product] https://code-projects.org/

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/wegitlab/cve/issues/1

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.337519

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.337519

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.715796

Scores

CVSS v3 4.7

EPSS 0.0003

EPSS Percentile 10.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-74 CWE-89

Status published

Affected Products (1)

anisha/online_appointment_booking_system

Timeline

Published Dec 19, 2025

Tracked Since Feb 18, 2026