EUVD-2026-13589

A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointmentaction.php. The manipulation of the argument appointmentid results in sql injection. The attack can be launched remotely. The exploit is now...

CVE-2026-4473 itsourcecode Online Doctor Appointment System appointment_action.php sql injection

A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointmentaction.php. The manipulation of the argument appointmentid results in sql injection. The attack can be launched remotely. The exploit is now...

CVE-2026-4473

A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointmentaction.php. The manipulation of the argument appointmentid results in sql injection. The attack can be launched remotely. The exploit is now...

PT-2026-26566

A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointment action.php. The manipulation of the argument appointment id results in sql injection. The attack can be launched remotely. The exploit is no...

itsourcecode Online Doctor Appointment System SQL注入漏洞

itsourcecode Online Doctor Appointment System is an open-source online doctor appointment system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the appointmentid parameter in the file...

PT-2026-25152

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. This is due to the get item permissions check method granting access to users with the ssa manage...

CVE-2020-24313

Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "AppointmentID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially...

CVE-2025-64081

SQL injection vulnerability in /php/apipatientschedule.php in SourceCodester Patients Waiting Area Queue Management System v1 allows attackers to execute arbitrary SQL commands via the appointmentID parameter...

CVE-2025-64081

SQL injection vulnerability in /php/apipatientschedule.php in SourceCodester Patients Waiting Area Queue Management System v1 allows attackers to execute arbitrary SQL commands via the appointmentID parameter...

CVE-2025-64081

CVE-2025-64081 is a SQL injection in SourceCodester’s Patients Waiting Area Queue Management System v1, affecting the file /php/api_patient_schedule.php via the appointmentID parameter. The root cause is improper input validation/sanitization, enabling attackers to execute arbitrary SQL commands....

EUVD-2025-197727

A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is an unknown function of the file /php/apipatientschedule.php. This manipulation of the argument appointmentID causes sql injection. The attack can be initiated remotely. The...

CVE-2025-13248 SourceCodester Patients Waiting Area Queue Management System api_patient_schedule.php sql injection

A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is an unknown function of the file /php/apipatientschedule.php. This manipulation of the argument appointmentID causes sql injection. The attack can be initiated remotely. The...

CVE-2025-13122

A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. The affected element is the function getPatientAppointment of the file /php/apipatientcheckin.php. Performing manipulation of the argument appointmentID results in sql injection. It is possible to...

CVE-2025-13122 SourceCodester Patients Waiting Area Queue Management System api_patient_checkin.php getPatientAppointment sql injection

A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. The affected element is the function getPatientAppointment of the file /php/apipatientcheckin.php. Performing manipulation of the argument appointmentID results in sql injection. It is possible to...

SourceCodester Patients Waiting Area Queue SQL注入漏洞

SourceCodester Patients Waiting Area Queue is an open source patient waiting area queuing system from SourceCodester. SourceCodester Patients Waiting Area Queue version 1.0 has a SQL injection vulnerability, the vulnerability stems from the improper handling of the appointmentID parameter in the...

CVE-2022-4340

The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference IDOR vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query...

CVE-2022-4340 BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id

The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference IDOR vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query...

PT-2023-14197 · WordPress · Bookingpress

Name of the Vulnerable Software and Affected Versions: BookingPress WordPress plugin versions prior to 1.0.31 Description: The issue allows any visitor to display information about any booking by manipulating the appointment id query parameter in the thank you page, potentially exposing full name...

WordPress Cross-Site Scripting Vulnerability (CNVD-2020-54948)

WordPress is a blogging platform developed using the PHP language, which supports the setting up of personal blog sites on servers with PHP and MySQL. It is widely used internationally and is compatible with self-developed plugins. Powerful and widely used.Ultimate Appointment Booking & Schedulin...

CVE-2020-24313

Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "AppointmentID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially...