Wangzhiqiang Zhangying

Researcher fromSSL_Seven_Security Lab
#10982of 53,635
25.1Total CVSS
Vulnerabilities · 3
High
3
PT-2023-17434
7.5
2023-04-14
Unknown · Campcodes Video Sharing Website · CVE-2023-2038
**Name of the Vulnerable Software and Affected Versions** Campcodes Video Sharing Website version 1.0 **Description** A critical issue has been found, affecting the admin class.php file, where manipulation of the `email` argument leads to SQL injection. This can be initiated remotely. **Recommendations** For Campcodes Video Sharing Website version 1.0, consider restricting access to the admin class.php file until a fix is available, and avoid using the `email` argument in sensitive operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
PT-2023-16724
8.8
2023-02-27
Sourcecodester · Sourcecodester Doctors Appointment System · CVE-2023-1057
**Name of the Vulnerable Software and Affected Versions** SourceCodester Doctors Appointment System version 1.0 **Description** A critical issue was found in the system, affecting the `edoc` function of the `login.php` file. The manipulation of the `usermail` argument leads to sql injection. **Recommendations** For SourceCodester Doctors Appointment System version 1.0, consider disabling the `edoc` function in the `login.php` file as a temporary workaround until a patch is available. Restrict access to the `login.php` file to minimize the risk of exploitation. Avoid using the `usermail` argument in the affected function until the issue is resolved.
PT-2023-16726
8.8
2023-02-27
Sourcecodester · Sourcecodester Doctors Appointment System · CVE-2023-1059
**Name of the Vulnerable Software and Affected Versions** SourceCodester Doctors Appointment System version 1.0 **Description** A critical vulnerability was found in the SourceCodester Doctors Appointment System. This issue affects the file /admin/doctors.php of the component Parameter Handler. The manipulation of the `search` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For SourceCodester Doctors Appointment System version 1.0, consider disabling the `search` argument in the /admin/doctors.php file until a patch is available to prevent SQL injection attacks. Restrict access to the /admin/doctors.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.