A vulnerability classified as critical has been found in code-projects Online Appointment Booking System 1.0. Affected is an unknown function of the file /admin/deletedoctorclinic.php. The manipulation of the argument clinic leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7764 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Online Appointment Booking System, specifically within the /admin/deletedoctorclinic.php file. The vulnerability arises from improper sanitization or validation of the 'clinic' parameter, which is manipulated to inject malicious SQL code. This flaw allows an unauthenticated remote attacker to execute arbitrary SQL commands against the backend database without requiring any user interaction or privileges. The vulnerability is exploitable over the network (AV:N), with low attack complexity (AC:L), no authentication required (PR:N), and no user interaction needed (UI:N). The impact vector includes limited confidentiality, integrity, and availability impacts (VC:L, VI:L, VA:L), indicating that the attacker can potentially read, modify, or delete data but with some constraints. The vulnerability does not affect system confidentiality, integrity, or availability on a systemic scale (SC:N, SI:N, SA:N). The exploit has been publicly disclosed, increasing the risk of exploitation, although no known exploits are currently observed in the wild. The CVSS v4.0 score is 6.9, categorized as medium severity. The vulnerability's presence in an administrative script suggests that it targets backend management functionality, which could allow attackers to manipulate sensitive appointment or clinic data, potentially disrupting healthcare service operations or exposing patient information. Given the nature of appointment booking systems, which often handle personal and scheduling data, exploitation could lead to unauthorized data disclosure, data tampering, or denial of service through database corruption or deletion.

CVE Database V5

Detailed information about CVE-2025-7764: SQL Injection in code-projects Online Appointment Booking System affecting code-projects Online Appointment Booking Sy

CVE-2025-7764: SQL Injection in code-projects Online Appointment Booking System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7764: SQL Injection in code-projects Online Appointment Booking System

A vulnerability, which was classified as problematic, was found in thinkgem JeeSite up to 5.12.0. Affected is an unknown function of the component Site Controller/SSO. The manipulation leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 3d06b8d009d0267f0255acc87ea19d29d07cedc3. It is recommended to apply a patch to fix this issue. Multiple endpoints are affected.

CVE-2025-7763 is an open redirect vulnerability found in thinkgem JeeSite versions up to 5.12.0, specifically within an unspecified function of the Site Controller/SSO component. Open redirect vulnerabilities occur when an application accepts untrusted input that causes it to redirect users to external, potentially malicious URLs without proper validation. This flaw allows remote attackers to craft URLs that appear legitimate but redirect users to attacker-controlled sites, facilitating phishing attacks, credential theft, or distribution of malware. The vulnerability does not require authentication and can be exploited remotely with user interaction (clicking a malicious link). Multiple endpoints in the affected component are vulnerable, increasing the attack surface. The vulnerability has been publicly disclosed with a patch identified by commit 3d06b8d009d0267f0255acc87ea19d29d07cedc3, though no known exploits are currently observed in the wild. The CVSS v4.0 score is 5.3 (medium severity), reflecting network attack vector, low complexity, no privileges or user interaction required for exploitation, and limited impact on integrity and availability but no impact on confidentiality. The vulnerability primarily impacts web applications using JeeSite for site management and single sign-on functionality, which are common in enterprise environments that rely on this framework for internal or customer-facing portals.

Detailed information about CVE-2025-7763: Open Redirect in thinkgem JeeSite affecting thinkgem JeeSite. Get real-time updates, technical details, and mitigation

CVE-2025-7763: Open Redirect in thinkgem JeeSite - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7763: Open Redirect in thinkgem JeeSite

New TeleMessage SGNL Vulnerability Is Actively Being Exploited by Attackers

Source: https://hackread.com/telemessage-sgnl-flaw-actively-exploited-by-attackers/

The reported security threat concerns a newly discovered vulnerability in TeleMessage SGNL, a secure messaging platform used for encrypted communication. According to the information sourced from a Reddit InfoSec News post and linked article on hackread.com, this vulnerability is actively being exploited by attackers. However, the details provided are minimal, with no specific affected versions, no CVE identifier, no technical vulnerability classification (CWE), and no available patches or mitigation details. The severity is indicated as medium, and there are no known exploits in the wild officially confirmed beyond the claim of active exploitation. TeleMessage SGNL is typically used in environments requiring secure communication, including corporate and governmental sectors. The lack of detailed technical information suggests the vulnerability might be either recently discovered or under limited disclosure. The threat likely involves unauthorized access or manipulation of secure messages, potentially compromising confidentiality and integrity of communications. The exploitation could involve bypassing encryption or authentication mechanisms, but this remains speculative due to insufficient technical data. The minimal discussion and low Reddit score indicate limited community awareness or verification at this stage. Overall, the threat represents a medium-severity risk to users of TeleMessage SGNL, with active exploitation claims warranting immediate attention from affected organizations to monitor updates and prepare for mitigation once more information becomes available.

Reddit InfoSec News

Detailed information about New TeleMessage SGNL Vulnerability Is Actively Being Exploited by Attackers. Get real-time updates, technical details, and mitigation

New TeleMessage SGNL Vulnerability Is Actively Being Exploited by Attackers - Live Threat Intelligence - Threat Radar | OffSeq.com

New TeleMessage SGNL Vulnerability Is Actively Being Exploited by Attackers

Reddit Discussion: New TeleMessage SGNL Vulnerability Is Actively Being Exploited by Attackers

A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07.26A1. This issue affects some unknown processing of the file /menu_nat_more.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7762 is a critical stack-based buffer overflow vulnerability identified in the D-Link DI-8100 router, specifically affecting firmware version 16.07.26A1. The vulnerability resides in the HTTP Request Handler component, particularly in the processing of the /menu_nat_more.asp file. An attacker can remotely exploit this flaw by sending specially crafted HTTP requests to the affected endpoint, causing a stack-based buffer overflow. This overflow can lead to arbitrary code execution, potentially allowing an attacker to take full control of the device without requiring user interaction or prior authentication. The vulnerability has a CVSS 4.0 base score of 8.7, indicating high severity, with attack vector being network-based (remote), low attack complexity, no privileges required, and no user interaction needed. The impact metrics indicate high confidentiality, integrity, and availability impacts, meaning an attacker could exfiltrate sensitive data, modify device configurations, or disrupt network services. Although no public exploits are currently known to be in the wild, the vulnerability details have been disclosed publicly, increasing the risk of exploitation by threat actors. The lack of available patches at this time further exacerbates the risk. Given the critical nature of this flaw and the widespread use of D-Link DI-8100 routers in various enterprise and ISP environments, this vulnerability poses a significant threat to network security.

Detailed information about CVE-2025-7762: Stack-based Buffer Overflow in D-Link DI-8100 affecting D-Link DI-8100. Get real-time updates, technical details, and 

CVE-2025-7762: Stack-based Buffer Overflow in D-Link DI-8100 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7762: Stack-based Buffer Overflow in D-Link DI-8100

A vulnerability classified as critical was found in code-projects Online Appointment Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/addmanagerclinic.php. The manipulation of the argument clinic leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-7765: SQL Injection in code-projects Online Appointment Booking System affecting code-projects Online Appointment Booking Sy

CVE-2025-7765: SQL Injection in code-projects Online Appointment Booking System

CVE-2025-7765: SQL Injection in code-projects Online Appointment Booking System

Description

Technical Details

Related Threats

CVE-2025-7764: SQL Injection in code-projects Online Appointment Booking System

CVE-2025-7763: Open Redirect in thinkgem JeeSite

New TeleMessage SGNL Vulnerability Is Actively Being Exploited by Attackers

CVE-2025-7762: Stack-based Buffer Overflow in D-Link DI-8100

CVE-2025-6391: CWE-532: Insertion of Sensitive Information into Log File in Broadcom Brocade ASCG

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility