CVE-2025-65358

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php...

EUVD-2025-200279

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php...

CVE-2025-65358

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php...

CVE-2025-65358

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php...

Edoc-doctor-appointment-system 安全漏洞

Edoc-doctor-appointment-system is a simple web project for e-channels by HashenUdara Personal Developer. A security vulnerability exists in Edoc-doctor-appointment-system version v1.0.1, which stems from the docid parameter in /admin/appointment.php being susceptible to SQL injection attacks...

PT-2025-48713

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php...

CVE-2025-65358

Edoc-doctor-appointment-system v1.0.1 contains an SQL injection via the docid parameter in /admin/appointment.php. The root cause is unsanitized user input enabling attackers to manipulate queries, resulting in a CRITICAL impact (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Documented in multi...

EUVD-2006-6469

Malware in sbrugna...

EUVD-2005-4504

Malware in sbrugna...

CVE-2024-7848

The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpkupvfupdatedoc' due to missing validation on the 'docid' user controlled key. This makes it possible for authenticat...

PT-2024-38626 · WordPress · User Private Files

Name of the Vulnerable Software and Affected Versions: User Private Files – WordPress File Sharing Plugin versions up to, and including, 2.1.0 Description: The issue allows authenticated attackers with subscriber-level access and above to gain access to other users' private files due to missing...

CVE-2020-11537

A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API...

OpenEMR Directory Traversal Vulnerability (CNVD-2019-10150)

OpenEMR is a medical practice management software that also supports electronic medical records EMR. A directory traversal vulnerability exists in portal/importtemplate.php in OpenEMR versions prior to 5.0.1.4, which can be exploited by a remote attacker to read arbitrary files via the "docid"...

OpenEMR Directory Traversal Vulnerability

OpenEMR is a medical practice management software that also supports electronic medical records EMR. A directory traversal vulnerability exists in portal/importtemplate.php in OpenEMR versions prior to 5.0.1.4, which can be exploited by remote attackers to execute arbitrary PHP code via the "doci...

OpenEMR Directory Traversal Vulnerability (CNVD-2019-10153)

OpenEMR is a medical practice management software that also supports electronic medical records EMR. A directory traversal vulnerability exists in portal/importtemplate.php in versions of OpenEMR prior to 5.0.1.4, which can be exploited by a remote attacker to delete arbitrary files with the help...

Directory traversal

Directory traversal in portal/importtemplate.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get...

CVE-2018-15141

Directory traversal in portal/importtemplate.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete...

CVE-2018-15141

Directory traversal in portal/importtemplate.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete...

麦达特色库检索平台SQL注入

简要描述： RT 详细说明： 杭州麦达电子有限公司开发的特色库系统，用户包括众多国内知名高校。 http://www.metadata.com.cn/cpjs1.asp?ProID=42 该系统存在注入，以 http://210.33.44.5:8080/docinfo?docid=302&dbid=2&dbname=%E5%AD%A6%E4%BD%8D%E8%AE%BA%E6%96%87%E5%BA%93 为例 docid 参数存在注入 漏洞证明： 部分测试案例：...

阿帕比数字资源平台系统mssql注入

简要描述： 一处mssql的注入 详细说明： 厂商： http://gw.apabi.com/ 北京方正阿帕比技术有限公司 用户量比较多： SQL注入点： /AddMyFavourite.asp?lang=gb&DocID= 其中DocID存在sql注入 互联网自动采集案例5枚： http://ebook.nwu.edu.cn/AddMyFavourite.asp?lang=gb&DocID=1 http://dlib.gsjtxy.edu.cn/dlib/AddMyFavourite.asp?lang=gb&DocID=1...