Introduction
# CVE-2025-50383
# Description
A low-privileged authenticated user can exploit this vulnerability by sending a crafted HTTP POST request with a malicious order_by parameter (e.g., order_by=IF(1=1,SLEEP(5),1)). This can trigger time-based blind SQL injection, resulting in unauthorized SQL execution on the underlying MySQL database and leading to full SQL injection exploitation.
# Affected Endpoints
Exploitable by low-privileged authenticated users (roles: Customers and Providers):
1. /index.php/customers/search
2. /index.php/Unavailabilities/search
3. /index.php/Appointments/search
Exploitable only by Administrator:
1. /index.php/providers/search
2. /index.php/secretaries/search
3. /index.php/admins/search
4. /index.php/service_categories/search
5. /index.php/services/search
6. /index.php/Blocked_periods/search
7. /index.php/Webhooks/search
# Steps to Reproduce
1. Intercept a valid authenticated request to one of the vulnerable endpoints.
2. Add the hidden order_by parameter in the request body.
3. Inject a malicious payload, for example: order_by=IF(1=1,SLEEP(5),1)
4. Send the modified request.
5. The application response is delayed, confirming time-based blind SQL injection.
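The sink described above is an ORDER BY clause, where the user-controlled value is a column identifier rather than a data value, so prepared-statement parameter binding cannot protect it; the standard mitigation is an allow-list. The following PHP is an added example of that control and is not Easy!Appointments code; the column names, the table name and the function name are assumptions chosen for illustration.

```php
<?php
// Added example (not Easy!Appointments code): allow-list validation of a
// user-supplied order_by value before it is placed in an ORDER BY clause.
// ORDER_BY_COLUMNS is an assumed list of sortable columns for illustration.

declare(strict_types=1);

const ORDER_BY_COLUMNS    = ['id', 'first_name', 'last_name', 'email', 'update_datetime'];
const ORDER_BY_DIRECTIONS = ['ASC', 'DESC'];

/**
 * Returns a safe "`column` DIRECTION" fragment, or null when the input is
 * not exactly one allow-listed column optionally followed by ASC/DESC.
 * Function calls, commas, comments and anything else are rejected outright,
 * so a value such as IF(1=1,SLEEP(5),1) never reaches the query text.
 */
function safeOrderBy(?string $input, array $columns = ORDER_BY_COLUMNS): ?string
{
    if ($input === null) {
        return null; // parameter absent: caller falls back to a fixed default
    }
    $parts = preg_split('/\s+/', trim($input));
    if ($parts === false || count($parts) > 2 || $parts[0] === '') {
        return null;
    }
    $column    = $parts[0];
    $direction = strtoupper($parts[1] ?? 'ASC');
    if (!in_array($column, $columns, true) || !in_array($direction, ORDER_BY_DIRECTIONS, true)) {
        return null;
    }
    return '`' . $column . '` ' . $direction;
}

// Constructed inputs: one legitimate sort key, the page's time-based payload,
// a stacked-query attempt, and a missing parameter. The vulnerable pattern
// interpolates the raw value; the hardened pattern only ever emits an
// allow-listed column/direction pair or the fixed default.
$inputs = ['last_name DESC', 'IF(1=1,SLEEP(5),1)', 'email; DROP TABLE customers', null];
foreach ($inputs as $in) {
    $safe = safeOrderBy($in) ?? '`id` ASC';              // fixed default on rejection
    $sql  = 'SELECT * FROM customers ORDER BY ' . $safe; // table name is an assumption
    printf("%-32s -> %s\n", var_export($in, true), $sql);
}
```

Rejected values should also be logged with the authenticated user id, since a non-column order_by from a Customer or Provider account is the request shape this advisory describes.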
# Fixed
https://github.com/alextselegidis/easyappointments/releases/tag/1.5.2-beta.1