CVE-2025-50383

HIGH

Easy!Appointments v1.5.1 - SQL Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-50383. PoCs published by Abdullah4eb.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2025-50383, a time-based blind SQL injection vulnerability in Easy!Appointments. It describes the affected endpoints, exploitation steps, and the patch release, but does not include functional exploit code.

Description

alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter.

Exploits (1)

nomisec WRITEUP
by Abdullah4eb · poc
https://github.com/Abdullah4eb/CVE-2025-50383


Classification: Writeup 90%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Easy!Appointments (versions prior to 1.5.2)
Auth required
Prerequisites: Authenticated access to the application · Low-privileged user role (Customer/Provider) or Administrator role
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Exploit, Third Party Advisory
https://github.com/Abdullah4eb/CVE-2025-50383

Scores

CVSS v3: 8.1
EPSS: 0.0008
EPSS Percentile: 23.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-89
Status: published
Products (2)
alextselegidis/easyappointments 0 - 1.5.2-beta.1 (Packagist)
easyappointments/easy\!appointments 1.5.1
Published: Aug 25, 2025
Tracked Since: Feb 18, 2026