PT-2026-29190 · Sourcecodester · Simple Doctors Appointment System

Dyh18 · Published 2026-03-31 · Updated 2026-03-31 · CVE-2026-5180

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SourceCodester Simple Doctors Appointment System version 1.0

Description

A flaw exists in SourceCodester Simple Doctors Appointment System version 1.0 that allows for SQL injection. The issue is located in the file /admin/ajax.php and specifically affects the email argument when the action is set to login2. This manipulation can be carried out remotely. An exploit for this issue has been published.

Recommendations

Apply any available updates or patches for SourceCodester Simple Doctors Appointment System version 1.0. As a temporary workaround, restrict access to the /admin/ajax.php file. Sanitize the email input parameter within the /admin/ajax.php file to prevent SQL injection attacks.

Exploit

Fix

SQL injection

Special Elements Injection

Weakness Enumeration

Related identifiers

CVE-2026-5180

Affected products

Simple Doctors Appointment System