Lucene search
K

138 matches found

OSV
OSV
added 2022/08/26 9:15 p.m.4 views

CVE-2022-36544

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php...

9.8CVSS5.8AI score0.00988EPSS
Exploits1References2
NVD
NVD
added 2022/08/26 9:15 p.m.20 views

CVE-2022-36544

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php...

9.8CVSS0.00988EPSS
Exploits1References2
OSV
OSV
added 2022/08/26 9:15 p.m.5 views

CVE-2022-36545

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php...

9.8CVSS5.8AI score0.00988EPSS
Exploits1References2
NVD
NVD
added 2022/08/26 9:15 p.m.16 views

CVE-2022-36543

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php...

9.8CVSS0.00988EPSS
Exploits1References2
NVD
NVD
added 2022/08/26 9:15 p.m.19 views

CVE-2022-36542

An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data...

6.5CVSS0.00616EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/26 9:15 p.m.3 views

CVE-2022-36543

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php...

9.8CVSS7.4AI score0.00988EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/08/26 9:15 p.m.3 views

CVE-2022-36542

An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data...

6.5CVSS6.4AI score0.00616EPSS
Exploits0References3
OSV
OSV
added 2022/08/26 9:15 p.m.3 views

CVE-2022-36542

An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data...

6.5CVSS5.8AI score0.00616EPSS
Exploits0References2
Prion
Prion
added 2022/08/26 9:15 p.m.14 views

Design/Logic Flaw

An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data...

4.7CVSS6.4AI score0.00616EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/08/26 9:15 p.m.13 views

Sql injection

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php...

7.5CVSS9.7AI score0.00988EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/08/26 9:15 p.m.18 views

Sql injection

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php...

7.5CVSS9.7AI score0.00988EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/08/26 9:15 p.m.15 views

Sql injection

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php...

7.5CVSS9.7AI score0.00988EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/08/26 8:37 p.m.30 views

CVE-2022-36548

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting XSS vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field...

5.5AI score0.00499EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/08/26 8:37 p.m.26 views

CVE-2022-36546

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery CSRF via /patient/settings.php...

9.1AI score0.00427EPSS
Exploits1References2
CVE
CVE
added 2022/08/26 8:37 p.m.62 views

CVE-2022-36547

CVE-2022-36547 affects Edoc-doctor-appointment-system v1.0.1, with a reflected cross-site scripting (XSS) vulnerability in /patient/index.php. The issue allows an attacker to inject arbitrary web scripts/HTML via the Search field (user input without sufficient sanitization), as reported across mu...

6.1CVSS6AI score0.0054EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/08/26 8:37 p.m.59 views

CVE-2022-36546

Edoc-doctor-appointment-system v1.0.1 contains a Cross-Site Request Forgery (CSRF) vulnerability in the /patient/settings.php endpoint. The issue allows potentially malicious requests to be performed on behalf of a logged-in user. CVSS 3.1 base score 8.8 (HIGH); attack vector Network, privileges ...

8.8CVSS8.8AI score0.00427EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/08/26 8:37 p.m.31 views

CVE-2022-36547

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting XSS vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field...

6.1AI score0.0054EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/08/26 8:37 p.m.19 views

CVE-2022-36545

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php...

10AI score0.00988EPSS
Exploits1References2
CVE
CVE
added 2022/08/26 8:37 p.m.54 views

CVE-2022-36545

Edoc-doctor-appointment-system v1.0.1 contains a SQL injection vulnerability via the id parameter in /patient/settings.php. The issue is documented in CVE-2022-36545 and is assessed with a CVSS v3.1 base score of 9.8 (CRITICAL), with network access, no privileges required, and no user interaction...

9.8CVSS9.7AI score0.00988EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/08/26 8:37 p.m.58 views

CVE-2022-36543

The affected software is Edoc-doctor-appointment-system v1.0.1. A SQL injection vulnerability exists in the endpoint /patient/doctors.php, exploitable via the id parameter. The Root Cause, as stated across sources, is an injection flaw in handling the id parameter, enabling potentially arbitrary ...

9.8CVSS9.7AI score0.00988EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder