138 matches found
CVE-2022-36547
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field...
CVE-2022-36548
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field...
CVE-2022-36545
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php...
CVE-2022-36542
An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data...
CVE-2022-36543
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php...
SQL injection
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php...
SQL injection
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php...
SQL injection
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php...
Design/Logic Flaw
An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data...
CVE-2022-36546
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /patient/settings.php...
CVE-2022-36547
CVE-2022-36547 affects Edoc-doctor-appointment-system v1.0.1, with a reflected cross-site scripting (XSS) vulnerability in /patient/index.php. The issue allows an attacker to inject arbitrary web scripts/HTML via the Search field (user input without sufficient sanitization), as reported across mu...
CVE-2022-36546
Edoc-doctor-appointment-system v1.0.1 contains a Cross-Site Request Forgery (CSRF) vulnerability in the /patient/settings.php endpoint. The issue allows potentially malicious requests to be performed on behalf of a logged-in user. CVSS 3.1 base score 8.8 (HIGH); attack vector Network, privileges ...
CVE-2022-36545
Edoc-doctor-appointment-system v1.0.1 contains a SQL injection vulnerability via the id parameter in /patient/settings.php. The issue is documented in CVE-2022-36545 and is assessed with a CVSS v3.1 base score of 9.8 (CRITICAL), with network access, no privileges required, and no user interaction...