CVE-2023-39852

Name of the Vulnerable Software and Affected Versions Doctormms version 1.0

Description A SQL injection vulnerability was discovered in Doctormms via the userid parameter at the "myAppoinment.php" endpoint. This issue is disputed by a third party, who claims that the userid is a session variable controlled by the server and thus cannot be exploited. However, the original reporter argues that the userid originates from $ SESSION["userid"]=$ POST["userid"] at line 68 in "doctorsdoctorlogin.php", where the userid under POST is not a session variable controlled by the server.

Recommendations For Doctormms version 1.0, as a temporary workaround, consider restricting access to the "myAppoinment.php" endpoint or disabling the use of the userid parameter until a patch is available. Additionally, review the code to ensure that user input, such as $ POST["userid"], is properly sanitized to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.