CVE-2025-65358

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php...

EUVD-2025-200279

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php...

CVE-2025-65358

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php...

CVE-2025-65358

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php...

Edoc-doctor-appointment-system 安全漏洞

Edoc-doctor-appointment-system is a simple web project for e-channels by HashenUdara Personal Developer. A security vulnerability exists in Edoc-doctor-appointment-system version v1.0.1, which stems from the docid parameter in /admin/appointment.php being susceptible to SQL injection attacks...

PT-2025-48713

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php...

CVE-2025-65358

Edoc-doctor-appointment-system v1.0.1 contains an SQL injection via the docid parameter in /admin/appointment.php. The root cause is unsanitized user input enabling attackers to manipulate queries, resulting in a CRITICAL impact (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Documented in multi...

EUVD-2006-6469

Malware in sbrugna...

EUVD-2005-4504

Malware in sbrugna...

CVE-2024-7848

The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpkupvfupdatedoc' due to missing validation on the 'docid' user controlled key. This makes it possible for authenticat...

CVE-2020-11537

A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API...

OpenEMR Directory Traversal Vulnerability (CNVD-2019-10150)

OpenEMR is a medical practice management software that also supports electronic medical records EMR. A directory traversal vulnerability exists in portal/importtemplate.php in OpenEMR versions prior to 5.0.1.4, which can be exploited by a remote attacker to read arbitrary files via the "docid"...

OpenEMR Directory Traversal Vulnerability

OpenEMR is a medical practice management software that also supports electronic medical records EMR. A directory traversal vulnerability exists in portal/importtemplate.php in OpenEMR versions prior to 5.0.1.4, which can be exploited by remote attackers to execute arbitrary PHP code via the "doci...

OpenEMR Directory Traversal Vulnerability (CNVD-2019-10153)

OpenEMR is a medical practice management software that also supports electronic medical records EMR. A directory traversal vulnerability exists in portal/importtemplate.php in versions of OpenEMR prior to 5.0.1.4, which can be exploited by a remote attacker to delete arbitrary files with the help...

Directory traversal

Directory traversal in portal/importtemplate.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get...

CVE-2018-15141

Directory traversal in portal/importtemplate.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete...

CVE-2018-15141

Directory traversal in portal/importtemplate.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete...

Sql injection

SQL injection vulnerability in dpage.php in YPN PHP Realty allows remote attackers to execute arbitrary SQL commands via the docID parameter...

CVE-2008-3682

SQL injection vulnerability in dpage.php in YPN PHP Realty allows remote attackers to execute arbitrary SQL commands via the docID parameter...

CVE-2008-3682

CVE-2008-3682 describes an SQL injection vulnerability in dpage.php of YPN PHP Realty. The underlying issue is unsafely handling the docID parameter, enabling remote attackers to execute arbitrary SQL commands. Documents consistently state: an injection via docID could impact the application, wit...