CVE-2025-7753

HIGH

code-projects Online Appointment Booking System 1.0 - SQL Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-7753. PoCs published by byteReaper77.

AI-analyzed exploit summary: This repository contains a functional C-based exploit for CVE-2025-7753, demonstrating an unauthenticated SQL injection in Online Appointment Booking System 1.0 via the `username` parameter in `/admin/adddoctor.php`. The exploit uses libcurl to send crafted payloads and includes time-based, error-based, and UNION-based SQLi techniques.

Description

A vulnerability was found in code-projects Online Appointment Booking System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/adddoctor.php. The manipulation of the argument Username leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

nomisec WORKING POC 2 stars
by byteReaper77 · poc
https://github.com/byteReaper77/CVE-2025-7753

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Online Appointment Booking System 1.0
No auth needed
Prerequisites: Linux OS · libcurl dependency · root privileges
devstral-2 · analyzed Feb 18, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.316743
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.316743
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.615494
Exploit, Issue Tracking exploit issue-tracking
https://github.com/zzb1388/cve/issues/22
Product product
https://code-projects.org/

Scores

CVSS v3 7.3
EPSS 0.0040
EPSS Percentile 31.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE CWE-74, CWE-89
Status published
Products (1)
anisha/online_appointment_booking_system 1.0
Published Jul 17, 2025
Tracked Since Feb 18, 2026