SQL Injection Vulnerability in Online Doctor Appointment Booking System by Projectworlds
CVE-2020-29168

9.8CRITICAL

Key Information:

Vendor: Online Doctor Appointment Booking System PHP And Mysql Project
Status: Online Doctor Appointment Booking System PHP And Mysql
Vendor: CVE Published:; 17 February 2023

What is CVE-2020-29168?

The Online Doctor Appointment Booking System by Projectworlds is susceptible to SQL Injection through the 'q' parameter in the getuser.php endpoint. This vulnerability can be exploited by malicious actors to retrieve sensitive information from the database, potentially compromising user data and privacy. It highlights the importance of implementing proper input validation and sanitization mechanisms to protect against such vulnerabilities.

References

https://projectworlds.in/free-projects/php-projects/onlin...

https://projectworlds.in/wp-content/uploads/2020/05/PHP-D...

https://www.exploit-db.com/exploits/49059

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 17, 2023
Vulnerability Reserved
Nov 27, 2020

Online Doctor Appointment Booking System PHP And Mysql Project

What is CVE-2020-29168?

References

CVSS V3.1

Timeline