SourceCodester Doctors Appointment System create-account.php sql injection
CVE-2023-1058

8.8HIGH

Key Information:

Vendor
SourceCodester
Status
Doctors Appointment System
Vendor
CVE Published:
27 February 2023

Summary

A security flaw has been identified in the SourceCodester Doctors Appointment System 1.0, specifically related to the create-account.php file. The vulnerability arises from improper handling of the newemail argument, allowing attackers to execute SQL injection attacks remotely. This exploitation could potentially compromise database integrity and lead to unauthorized access to sensitive information. Security measures should be implemented promptly to mitigate this risk, as the details of the vulnerability have been made publicly available.

Affected Version(s)

Doctors Appointment System 1.0

References

https://vuldb.com/?id.221823
vdb-entrytechnical-description
https://vuldb.com/?ctiid.221823
signaturepermissions-required
https://github.com/E1CHO/cve_hub/blob/main/edoc%20doctor%...
exploit

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SSL_Seven_Security Lab_WangZhiQiang_ZhangYing (VulDB User)
.