SourceCodester Doctors Appointment System patient.php sql injection
CVE-2023-1056

8.8HIGH

Key Information:

Vendor
SourceCodester
Status
Doctors Appointment System
Vendor
CVE Published:
27 February 2023

Summary

A security flaw exists in the Doctors Appointment System developed by SourceCodester, specifically in the /edoc/doctor/patient.php file. The vulnerability stems from improper handling of the search12 argument, allowing attackers to perform SQL injection attacks remotely. This vulnerability has been made public and can potentially be exploited, compromising database integrity and security.

Affected Version(s)

Doctors Appointment System 1.0

References

https://vuldb.com/?id.221821
vdb-entrytechnical-description
https://vuldb.com/?ctiid.221821
signaturepermissions-required
https://github.com/E1CHO/cve_hub/blob/main/edoc%20doctor%...
exploit

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)
.