SourceCodester Doctors Appointment System login.php edoc sql injection
CVE-2023-1057

8.8HIGH

Key Information:

Vendor

SourceCodester
Status
Doctors Appointment System
Vendor
CVE Published:
27 February 2023

What is CVE-2023-1057?

A vulnerability has been identified in SourceCodester's Doctors Appointment System version 1.0, specifically within the login.php file's edoc function. An attacker can exploit this flaw by manipulating the usermail argument, potentially allowing unauthorized access and manipulation of the database. This highlights the importance of proper input validation and security measures to safeguard against SQL injection attacks.

Affected Version(s)

Doctors Appointment System 1.0

References

https://vuldb.com/?id.221822
vdb-entrytechnical-description
https://vuldb.com/?ctiid.221822
signaturepermissions-required
https://github.com/E1CHO/cve_hub/blob/main/edoc%20doctor%...
related

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SSL_Seven_Security Lab_WangZhiQiang_ZhangYing (VulDB User)
JSON
.
CVE-2023-1057 : SourceCodester Doctors Appointment System login.php edoc sql injection