Vulnerabilities
Vulnerable Software
Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\myDetails.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-09-11
Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original reporter counterclaims that this originates from $_SESSION["userid"]=$_POST["userid"] at line 68 in doctors\doctorlogin.php, where userid under POST is not a session variable controlled by the server.
CVSS Score
9.8
EPSS Score
0.005
Published
2023-08-15
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter.
CVSS Score
7.5
EPSS Score
0.722
Published
2021-03-24
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter.
CVSS Score
7.5
EPSS Score
0.762
Published
2021-03-24
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter.
CVSS Score
7.5
EPSS Score
0.714
Published
2021-03-24
Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter.
CVSS Score
7.5
EPSS Score
0.714
Published
2021-03-24
SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.
CVSS Score
9.8
EPSS Score
0.787
Published
2021-03-05
Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the comment parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-03-01
Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-03-01
SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack.
CVSS Score
6.5
EPSS Score
0.223
Published
2021-02-18


Contact Us

Shodan ® - All rights reserved