9 matches found
CVE-2023-39852
Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original reporter...
CVE-2023-39852
Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original reporter...
CVE-2023-39852
Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original reporter...
CVE-2023-39852
Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original reporter...
Sql injection
DISPUTED Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original...
PT-2023-27136 · Doctormms · Doctormms
Name of the Vulnerable Software and Affected Versions: Doctormms version 1.0 Description: A SQL injection vulnerability was discovered in Doctormms via the userid parameter at the "myAppoinment.php" endpoint. This issue is disputed by a third party, who claims that the userid is a session variabl...
CVE-2023-39852
Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original reporter...
CVE-2023-39852
Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original reporter...
CVE-2023-39852
Doctormms v1.0 is associated with a SQL injection in the myAppoinment.php endpoint via the userid parameter. The core dispute is whether userid is a server-controlled session variable or derived from a POST value; the claim is that _SESSION["userid"] = $_POST["userid"] at doctorlogin.php line 68,...