cbcvebase.

Doctor Appointment System Project Doctor Appointment System vulnerabilities

10 known vulnerabilities affecting doctor_appointment_system_project/doctor_appointment_system.

Total CVEs
10
CISA KEV
0
Public exploits
6
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH4MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2021-27314P2CRITICALCVSS 9.8PoCv1.02021-03-05
CVE-2021-27314 [CRITICAL] CWE-89 CVE-2021-27314: SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to in SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.
nvd
CVE-2021-27320P2HIGHCVSS 7.5PoCv1.02021-03-24
CVE-2021-27320 [HIGH] CWE-89 CVE-2021-27320: Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated atta Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter.
nvd
CVE-2021-27319P2HIGHCVSS 7.5PoCv1.02021-03-24
CVE-2021-27319 [HIGH] CWE-89 CVE-2021-27319: Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated atta Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter.
nvd
CVE-2021-27315P2HIGHCVSS 7.5PoCv1.02021-03-24
CVE-2021-27315 [HIGH] CWE-89 CVE-2021-27315: Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated atta Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter.
nvd
CVE-2021-27316P2HIGHCVSS 7.5PoCv1.02021-03-24
CVE-2021-27316 [HIGH] CWE-89 CVE-2021-27316: Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated atta Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter.
nvd
CVE-2021-27124P3MEDIUMCVSS 6.5PoCv1.02021-02-18
CVE-2021-27124 [MEDIUM] CWE-89 CVE-2021-27124: SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allo SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack.
nvd
CVE-2023-40945P3CRITICALCVSS 9.8v1.02023-09-11
CVE-2023-40945 [CRITICAL] CWE-89 CVE-2023-40945: Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\myDetails.php.
nvd
CVE-2023-39852P3CRITICALCVSS 9.8v1.02023-08-15
CVE-2023-39852 [CRITICAL] CWE-89 CVE-2023-39852: Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original reporter counterclaims that this originates from $_SESSION["use
nvd
CVE-2021-27318P4MEDIUMCVSS 6.1v1.02021-03-01
CVE-2021-27318 [MEDIUM] CWE-79 CVE-2021-27318: Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows re Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter.
nvd
CVE-2021-27317P4MEDIUMCVSS 6.1v1.02021-03-01
CVE-2021-27317 [MEDIUM] CWE-79 CVE-2021-27317: Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows re Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the comment parameter.
nvd
Doctor Appointment System Project Doctor Appointment System vulnerabilities | cvebase