CVE-2022-36546

Name of the Vulnerable Software and Affected Versions Edoc-doctor-appointment-system version 1.0.1

Description The Edoc-doctor-appointment-system contains a Cross-Site Request Forgery (CSRF) issue via the "/patient/settings.php" API endpoint. This allows for potentially malicious requests to be made on behalf of a user without their knowledge or consent.

Recommendations For Edoc-doctor-appointment-system version 1.0.1, consider implementing proper CSRF token validation to prevent unauthorized requests to the "/patient/settings.php" endpoint. As a temporary workaround, restrict access to this endpoint to minimize the risk of exploitation.