CVE-2021-27314

2021-03-0423:32:50

mitre

www.cve.org

cve-2021-27314

sql injection

admin.php

doctor appointment system

unauthenticated attacker

malicious sql queries

username parameter

AI Score

Confidence

High

EPSS

0.327

Percentile

97.1%

JSON

SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.

References

packetstormsecurity.com/files/161641/Doctor-Appointment-System-1.0-SQL-Injection.html