PT-2023-16729 · Sourcecodester · Sourcecodester Doctors Appointment System
Wangzhiqiang
+1
·
Published
2023-02-27
·
Updated
2024-05-17
·
CVE-2023-1062
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SourceCodester Doctors Appointment System version 1.0
Description
A critical issue was found in the Parameter Handler component of the file /admin/add-new.php, where the manipulation of the
email argument leads to sql injection. This issue can be exploited remotely. The exploit has been disclosed to the public.Recommendations
For SourceCodester Doctors Appointment System version 1.0, consider disabling the
email argument in the /admin/add-new.php file until a patch is available. Restrict access to the Parameter Handler component to minimize the risk of exploitation.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester Doctors Appointment System