Pkey

**Name of the Vulnerable Software and Affected Versions** itsourcecode Online Blood Bank Management System version 1.0 **Description** A critical issue has been found in the itsourcecode Online Blood Bank Management System, affecting the processing of the file /bbms.php. The manipulation of the `Search` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For itsourcecode Online Blood Bank Management System version 1.0, consider restricting access to the /bbms.php file until a patch is available. As a temporary workaround, avoid using the `Search` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** projectworlds Online Doctor Appointment Booking System version 1.0 **Description** A critical issue has been discovered, allowing for SQL injection through the manipulation of the `ic` argument in the /doctor/deletepatient.php file. This can be exploited remotely. **Recommendations** For projectworlds Online Doctor Appointment Booking System version 1.0, consider restricting access to the /doctor/deletepatient.php file until a patch is available. As a temporary workaround, avoid using the `ic` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** projectworlds Online Doctor Appointment Booking System version 1.0 **Description** A critical issue was found in the projectworlds Online Doctor Appointment Booking System, affecting an unknown functionality of the file /doctor/deleteschedule.php. The manipulation of the `ID` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For projectworlds Online Doctor Appointment Booking System version 1.0, consider restricting access to the /doctor/deleteschedule.php file until a fix is available. As a temporary workaround, avoid using the `ID` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** projectworlds Online Doctor Appointment Booking System version 1.0 **Description** A critical issue has been found in the projectworlds Online Doctor Appointment Booking System, affecting some unknown functionality of the file /patient/appointment.php. The manipulation of the `scheduleDate` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For projectworlds Online Doctor Appointment Booking System version 1.0, consider restricting access to the `/patient/appointment.php` endpoint until a patch is available. As a temporary workaround, avoid using the `scheduleDate` parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** projectworlds Online Doctor Appointment Booking System version 1.0 **Description** A critical issue has been identified, affecting the /patient/patientupdateprofile.php file. The manipulation of the `patientFirstName` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For projectworlds Online Doctor Appointment Booking System version 1.0, consider restricting access to the `patientupdateprofile.php` file until a fix is available, and avoid using the `patientFirstName` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** projectworlds Online Doctor Appointment Booking System version 1.0 **Description** A critical issue affects the processing of the file /doctor/deleteappointment.php, where the manipulation of the `ID` argument leads to sql injection. This issue can be exploited remotely. **Recommendations** For projectworlds Online Doctor Appointment Booking System version 1.0, consider restricting access to the /doctor/deleteappointment.php file until a patch is available. As a temporary workaround, avoid using the `ID` argument in the deleteappointment.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** projectworlds Online Doctor Appointment Booking System version 1.0 **Description** A critical issue was found in the projectworlds Online Doctor Appointment Booking System. This issue affects the file `/patient/getschedule.php` and allows for SQL injection by manipulating the `q` argument. The attack can be initiated remotely. **Recommendations** For projectworlds Online Doctor Appointment Booking System version 1.0, consider restricting access to the `/patient/getschedule.php` file until a patch is available. As a temporary workaround, avoid using the `q` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** projectworlds Online Doctor Appointment Booking System version 1.0 **Description** A critical issue was discovered in the projectworlds Online Doctor Appointment Booking System, affecting an unknown function of the file /patient/patientupdateprofile.php. The manipulation of the `patientFirstName` argument leads to SQL injection. This issue can be exploited remotely. The exploit has been publicly disclosed and may be used. Other parameters might also be affected. **Recommendations** For projectworlds Online Doctor Appointment Booking System version 1.0, consider disabling the `patientupdateprofile.php` file or restricting access to it until a patch is available. Avoid using the `patientFirstName` argument in the affected API endpoint until the issue is resolved. As a temporary workaround, restrict access to the `/patient/patientupdateprofile.php` endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** projectworlds Online Doctor Appointment Booking System version 1.0 **Description** A critical issue was found in the projectworlds Online Doctor Appointment Booking System. The vulnerability affects an unknown functionality of the file /patient/invoice.php. The manipulation of the `appid` argument leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider restricting access to the /patient/invoice.php file until a patch is available. Avoid using the `appid` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** projectworlds Online Doctor Appointment Booking System version 1.0 **Description** A critical issue affects the processing of the file /patient/profile.php?patientId=1, where the manipulation of the `patientFirstName` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For projectworlds Online Doctor Appointment Booking System version 1.0, consider restricting access to the /patient/profile.php endpoint until a patch is available, and avoid using the `patientFirstName` parameter in this endpoint to minimize the risk of exploitation.