CVE-2022-36543
The affected software is Edoc-doctor-appointment-system v1.0.1. A SQL injection vulnerability exists in the endpoint /patient/doctors.php, exploitable via the id parameter. The Root Cause, as stated across sources, is an injection flaw in handling the id parameter, enabling potentially arbitrary ...