PT-2026-29190 · Sourcecodester · Simple Doctors Appointment System
Dyh18 · Published 2026-03-31 · Updated 2026-03-31 · CVE-2026-5180
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
SourceCodester Simple Doctors Appointment System version 1.0
Description
A flaw exists in SourceCodester Simple Doctors Appointment System version 1.0 that allows for SQL injection. The issue is located in the file /admin/ajax.php and specifically affects the email argument when the action is set to login2. This manipulation can be carried out remotely. An exploit for this issue has been published.
Recommendations
Apply any available updates or patches for SourceCodester Simple Doctors Appointment System version 1.0.
As a temporary workaround, restrict access to the /admin/ajax.php file.
Sanitize the email input parameter within the /admin/ajax.php file to prevent SQL injection attacks.
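The third recommendation, as an added example that is not code from the application or from this advisory: a login lookup that binds the email value as a query parameter instead of building the SQL string from it. The function name, the `users` table with its `id`, `email` and `password_hash` columns, and the in-memory SQLite database with one constructed account are assumptions made so the example runs offline; the application's own database layer is not shown on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical login lookup. Returns the user id on success, null otherwise.
function login_by_email(PDO $db, string $email, string $password): ?int
{
    // Defence in depth: reject values that are not a plausible address
    // before they reach the database layer.
    $email = trim($email);
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // The actual fix: the SQL text is a constant and the email travels as a
    // bound parameter, so quotes or SQL keywords in it are compared as data.
    $stmt = $db->prepare(
        'SELECT id, password_hash FROM users WHERE email = :email LIMIT 1'
    );
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same result for "no such user" and "wrong password".
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Constructed sample data: in-memory SQLite with a single account whose
// address contains a single quote, the character that breaks
// string-built queries.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
$insert = $db->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)');
$insert->execute(["o'neil@example.test", password_hash('correct horse', PASSWORD_DEFAULT)]);

// Valid credentials, wrong password, and a value that is not an address.
var_dump(login_by_email($db, "o'neil@example.test", 'correct horse'));
var_dump(login_by_email($db, "o'neil@example.test", 'wrong password'));
var_dump(login_by_email($db, 'not an address', 'anything'));
```

The format check only narrows what reaches the query; the bound parameter is what removes the injection. With PDO's MySQL driver, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the binding is done by the server.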
SQL injection
Special Elements Injection
Related Identifiers
Affected Products
Simple Doctors Appointment System