SQL Injection Vulnerability in Online Doctor Appointment Booking System by BigTiger2020
CVE-2020-29283

9.8CRITICAL

Key Information:

Vendor: Online Doctor Appointment Booking System PHP And Mysql Project
Status: Online Doctor Appointment Booking System PHP And Mysql
Vendor: CVE Published:; 2 December 2020

What is CVE-2020-29283?

An SQL injection vulnerability exists in the Online Doctor Appointment Booking System, allowing attackers to manipulate the q parameter in getuser.php to execute arbitrary SQL queries. This can lead to unauthorized access to sensitive database information, compromising the integrity and confidentiality of user data. Safe coding practices and proper input validation are essential to mitigate this risk.

References

https://github.com/BigTiger2020/Online-Doctor-Appointment...

x_refsource_MISC

https://projectworlds.in/free-projects/php-projects/onlin...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 2, 2020
Vulnerability Reserved
Nov 27, 2020

Online Doctor Appointment Booking System PHP And Mysql Project

What is CVE-2020-29283?

References

CVSS V3.1

Timeline