8 matches found
CVE-2023-4219
CVE-2023-4219 concerns SourceCodester Doctors Appointment System v1.0 with a SQL injection in login.php via the useremail parameter. The vulnerability can be triggered remotely and is described as high severity; exploitation status is not confirmed within the provided sources, though public discl...
CVE-2023-1059
CVE-2023-1059 affects SourceCodester Doctors Appointment System 1.0. The vulnerability resides in the file /admin/doctors.php (Parameter Handler) where the parameter search/id is manipulated, leading to SQL injection. It is a remotely exploitable vulnerability described as critical with public ex...
CVE-2023-1061
CVE-2023-1061 affects SourceCodester Doctors Appointment System 1.0. The issue is a SQL injection in the /admin/edit-doc.php endpoint, triggered by manipulating the email/oldmail argument. It is exploitable remotely and has had public exploitation disclosures. Connected sources corroborate an att...
CVE-2023-1062
CVE-2023-1062 affects SourceCodester Doctors Appointment System 1.0 in the Parameter Handler’s file /admin/add-new.php. The vulnerability is caused by manipulation of the email parameter, enabling SQL injection. It is remotely exploitable and the exploit has been publicly disclosed. Multiple conn...
CVE-2023-1063
CVE-2023-1063 affects SourceCodester Doctors Appointment System 1.0, where the SQL injection flaw resides in the Parameter Handler, specifically via manipulating the search parameter in /admin/patient.php. The issue can be exploited remotely; public disclosure exists. The root cause is unsafely h...
CVE-2023-1056
CVE-2023-1056 affects SourceCodester Doctors Appointment System v1.0, specifically the vulnerable code path in /edoc/doctor/patient.php where manipulating the search12 parameter enables SQL injection. The issue is exploitable remotely and the exploit has been publicly disclosed. Multiple connecte...
CVE-2023-1057
CVE-2023-1057 affects SourceCodester Doctors Appointment System 1.0. The vulnerable component is the edoc function in login.php, where manipulating the usermail parameter enables SQL injection. This is a server-side data exposure/alteration risk with a network attack vector and highImpact on conf...
CVE-2023-1058
CVE-2023-1058 affects SourceCodester Doctors Appointment System 1.0. The vulnerability is an SQL injection in create-account.php triggered by the newemail parameter. It can be exploited remotely and has been disclosed publicly. Affected component: create-account.php; root cause: improper handling...