4 matches found
CVE-2023-39852
Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original reporter...
Sql injection
DISPUTED Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original...
CVE-2023-39852
Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original reporter...
CVE-2023-39852
Doctormms v1.0 is associated with a SQL injection in the myAppoinment.php endpoint via the userid parameter. The core dispute is whether userid is a server-controlled session variable or derived from a POST value; the claim is that _SESSION["userid"] = $_POST["userid"] at doctorlogin.php line 68,...