PT-2022-23454 · Unknown · Edoc-Doctor-Appointment-System
Published: 2022-08-26 · Updated: 2025-12-16 · CVE-2022-36542
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Edoc-doctor-appointment-system version 1.0.1
Description
An access control issue in the component /ip/admin/ allows attackers to arbitrarily edit, read, and delete Administrator data.
Recommendations
For Edoc-doctor-appointment-system version 1.0.1, consider restricting access to the /ip/admin/ component until a fix is available. As a temporary workaround, limit the privileges of users who can access this component to minimize the risk of exploitation.
Affected Products
Edoc-Doctor-Appointment-System