PT-2023-16724 · Sourcecodester · Sourcecodester Doctors Appointment System
Wangzhiqiang Zhangying
·
Published
2023-02-27
·
Updated
2024-05-17
·
CVE-2023-1057
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SourceCodester Doctors Appointment System version 1.0
Description
A critical issue was found in the system, affecting the
edoc function of the login.php file. The manipulation of the usermail argument leads to sql injection.Recommendations
For SourceCodester Doctors Appointment System version 1.0, consider disabling the
edoc function in the login.php file as a temporary workaround until a patch is available. Restrict access to the login.php file to minimize the risk of exploitation. Avoid using the usermail argument in the affected function until the issue is resolved.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester Doctors Appointment System