CVE-2022-36202

Name of the Vulnerable Software and Affected Versions Doctor's Appointment System version 1.0

Description The issue concerns Incorrect Access Control, specifically Broken Access Control (IDOR), in the settings.php file located at the /edoc/patient/ endpoint. The vulnerability is exploited via the id parameter.

Recommendations For Doctor's Appointment System version 1.0, consider restricting access to the settings.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the id parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.