Vulnerabilities > Doctor Appointment System Project

DATE CVE VULNERABILITY TITLE RISK
2023-09-11 CVE-2023-40945 SQL Injection vulnerability in Doctor Appointment System Project Doctor Appointment System 1.0
Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\myDetails.php.
network
low complexity
doctor-appointment-system-project CWE-89
critical
9.8
2023-08-15 CVE-2023-39852 SQL Injection vulnerability in Doctor Appointment System Project Doctor Appointment System 1.0
Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php.
network
low complexity
doctor-appointment-system-project CWE-89
critical
9.8
2021-03-24 CVE-2021-27320 SQL Injection vulnerability in Doctor Appointment System Project Doctor Appointment System 1.0
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter.
network
low complexity
doctor-appointment-system-project CWE-89
7.5
2021-03-24 CVE-2021-27319 SQL Injection vulnerability in Doctor Appointment System Project Doctor Appointment System 1.0
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter.
network
low complexity
doctor-appointment-system-project CWE-89
7.5
2021-03-24 CVE-2021-27316 SQL Injection vulnerability in Doctor Appointment System Project Doctor Appointment System 1.0
Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter.
network
low complexity
doctor-appointment-system-project CWE-89
7.5
2021-03-24 CVE-2021-27315 SQL Injection vulnerability in Doctor Appointment System Project Doctor Appointment System 1.0
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter.
network
low complexity
doctor-appointment-system-project CWE-89
7.5
2021-03-05 CVE-2021-27314 SQL Injection vulnerability in Doctor Appointment System Project Doctor Appointment System 1.0
SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.
network
low complexity
doctor-appointment-system-project CWE-89
critical
9.8
2021-03-01 CVE-2021-27318 Cross-site Scripting vulnerability in Doctor Appointment System Project Doctor Appointment System 1.0
Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter.
network
low complexity
doctor-appointment-system-project CWE-79
6.1
2021-03-01 CVE-2021-27317 Cross-site Scripting vulnerability in Doctor Appointment System Project Doctor Appointment System 1.0
Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the comment parameter.
network
low complexity
doctor-appointment-system-project CWE-79
6.1
2021-02-18 CVE-2021-27124 SQL Injection vulnerability in Doctor Appointment System Project Doctor Appointment System 1.0
SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack.
network
low complexity
doctor-appointment-system-project CWE-89
6.5