SourceCodester Doctors Appointment System login.php sql injection
CVE-2023-4219

7.5 HIGH

Key Information:

Vendor
CVE Published:
8 August 2023

What is CVE-2023-4219?

An SQL injection vulnerability exists in the login.php file of SourceCodester Doctors Appointment System version 1.0. An attacker can manipulate the 'useremail' argument to execute malicious SQL statements, potentially gaining unauthorized access to sensitive data. Because the attack can be initiated remotely, it poses a significant security risk for users of this application. The vulnerability has been publicly disclosed, which raises the likelihood of exploitation and makes timely remediation essential.

Affected Version(s)

Doctors Appointment System 1.0

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

YeSec (VulDB User)