Doctor Appointment System Project Doctor Appointment System vulnerabilities
10 known vulnerabilities affecting doctor_appointment_system_project/doctor_appointment_system.
Total CVEs
10
CISA KEV
0
Public exploits
6
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH4MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2021-27314P2CRITICALCVSS 9.8PoCv1.02021-03-05
CVE-2021-27314 [CRITICAL] CWE-89 CVE-2021-27314: SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to in
SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.
nvd
CVE-2021-27320P2HIGHCVSS 7.5PoCv1.02021-03-24
CVE-2021-27320 [HIGH] CWE-89 CVE-2021-27320: Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated atta
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter.
nvd
CVE-2021-27319P2HIGHCVSS 7.5PoCv1.02021-03-24
CVE-2021-27319 [HIGH] CWE-89 CVE-2021-27319: Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated atta
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter.
nvd
CVE-2021-27315P2HIGHCVSS 7.5PoCv1.02021-03-24
CVE-2021-27315 [HIGH] CWE-89 CVE-2021-27315: Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated atta
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter.
nvd
CVE-2021-27316P2HIGHCVSS 7.5PoCv1.02021-03-24
CVE-2021-27316 [HIGH] CWE-89 CVE-2021-27316: Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated atta
Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter.
nvd
CVE-2021-27124P3MEDIUMCVSS 6.5PoCv1.02021-02-18
CVE-2021-27124 [MEDIUM] CWE-89 CVE-2021-27124: SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allo
SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack.
nvd
CVE-2023-40945P3CRITICALCVSS 9.8v1.02023-09-11
CVE-2023-40945 [CRITICAL] CWE-89 CVE-2023-40945: Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid
Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\myDetails.php.
nvd
CVE-2023-39852P3CRITICALCVSS 9.8v1.02023-08-15
CVE-2023-39852 [CRITICAL] CWE-89 CVE-2023-39852: Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at
Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original reporter counterclaims that this originates from $_SESSION["use
nvd
CVE-2021-27318P4MEDIUMCVSS 6.1v1.02021-03-01
CVE-2021-27318 [MEDIUM] CWE-79 CVE-2021-27318: Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows re
Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter.
nvd
CVE-2021-27317P4MEDIUMCVSS 6.1v1.02021-03-01
CVE-2021-27317 [MEDIUM] CWE-79 CVE-2021-27317: Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows re
Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the comment parameter.
nvd