CVE-2025-3184
📋 TL;DR
This critical SQL injection vulnerability in Online Doctor Appointment Booking System 1.0 allows remote attackers to execute arbitrary SQL commands via the patientFirstName parameter in /patient/profile.php. This could lead to unauthorized data access, modification, or deletion. All systems running version 1.0 are affected.
💻 Affected Systems
- projectworlds Online Doctor Appointment Booking System
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including patient medical records, appointment data, and administrative credentials leading to data theft, system takeover, or ransomware deployment.
Likely Case
Unauthorized access to sensitive patient data (PII/PHI), appointment manipulation, and potential privilege escalation to administrative functions.
If Mitigated
Limited impact with proper input validation, parameterized queries, and WAF protection blocking malicious SQL payloads.
🎯 Exploit Status
Exploit details are publicly available on GitHub. Simple SQL injection techniques can be used without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
1. Check vendor website for updates
2. If no patch available, implement workarounds
3. Consider migrating to alternative software
🔧 Temporary Workarounds
WAF Rule Implementation
Deploy web application firewall rules to block SQL injection patterns in the patientFirstName parameter
# Example ModSecurity rule:
SecRule ARGS:patientFirstName "@detectSQLi" "id:1001,phase:2,deny,status:403,msg:'SQL Injection Attempt'"
# Example naxsi rule:
MainRule "str:patientFirstName" "msg:SQLi attempt" "mz:ARGS" "s:$SQL:8" id:1001;
Input Validation Filter
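Add server-side validation to restrict patientFirstName to alphanumeric characters only
# PHP example:
// Reject anything other than ASCII letters, digits and whitespace before the value reaches a query
$patientFirstName = $_GET['patientFirstName'] ?? '';
if (!preg_match('/^[a-zA-Z0-9\s]+$/', $patientFirstName)) {
    die('Invalid input');
}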
🧯 If You Can't Patch
- Isolate the system behind a reverse proxy with strict input validation
- Implement network segmentation to limit database access from web server
🔍 How to Verify
Check if Vulnerable:
Request /patient/profile.php?patientId=1&patientFirstName=' OR '1'='1 and observe whether a SQL error or unexpected behavior occurs
Check Version:
Check system documentation or admin panel for version information
Verify Fix Applied:
Repeat the test with the same payload after applying the fixes; the application should return an error message or no data instead of executing the injected SQL
📡 Detection & Monitoring
Log Indicators:
- SQL syntax errors in web server logs
- Unusual database queries from web application user
- Multiple failed parameter manipulation attempts
Network Indicators:
- HTTP requests with SQL keywords in patientFirstName parameter
- Abnormal database response sizes
SIEM Query:
source="web_logs" AND (patientFirstName="*' OR*" OR patientFirstName="*UNION*" OR patientFirstName="*SELECT*" OR patientFirstName="*--*" OR patientFirstName="*;*" OR patientFirstName="*/*")
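A literal-string match like the SIEM query above can miss payloads that the access log records percent-encoded. The following Python sketch is an added example, not part of the original advisory: it decodes the patientFirstName value (including double encoding) from access log lines for /patient/profile.php and applies the same indicators. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Assumed log layout: Apache/nginx "combined" format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Same indicators as the SIEM query: quote followed by OR, UNION, SELECT, "--", ";", "/*".
SQLI_RE = re.compile(r"'\s*or\b|\bunion\b|\bselect\b|--|;|/\*", re.IGNORECASE)

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding, e.g. %2527 -> %27 -> '."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return (client_ip, status, decoded_value, matched_token) per suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("/patient/profile.php"):
            continue
        # parse_qs decodes once; decode_fully handles double-encoded values.
        for raw in parse_qs(url.query, keep_blank_values=True).get("patientFirstName", []):
            value = decode_fully(raw)
            found = SQLI_RE.search(value)
            if found:
                hits.append((m["ip"], int(m["status"]), value, found.group(0)))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Apr/2025:10:01:02 +0000] "GET /patient/profile.php?patientId=1&patientFirstName=Alice HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Apr/2025:10:01:09 +0000] "GET /patient/profile.php?patientId=2&patientFirstName=O%27Connor HTTP/1.1" 200 5133',
    '198.51.100.23 - - [10/Apr/2025:10:02:41 +0000] "GET /patient/profile.php?patientId=1&patientFirstName=%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 312',
    '198.51.100.23 - - [10/Apr/2025:10:02:44 +0000] "GET /patient/profile.php?patientId=1&patientFirstName=%2527%2520OR%2520%25271%2527%253D%25271 HTTP/1.1" 200 9876',
]

if __name__ == "__main__":
    for ip, status, value, token in scan(SAMPLE_LOG):
        print(f"{ip} status={status} patientFirstName={value!r} matched={token!r}")
```

A name with an apostrophe such as O'Connor is not flagged, because the quote indicator requires a following OR keyword; the HTTP status is kept in each hit so 500 responses can be correlated with the SQL syntax errors listed under Log Indicators.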