RSS   Vulnerabilities for 'Doctor appointment system'   RSS

2021-03-24
 
CVE-2021-27320

CWE-89
 

 
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter.

 
 
CVE-2021-27319

CWE-89
 

 
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter.

 
 
CVE-2021-27316

CWE-89
 

 
Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter.

 
 
CVE-2021-27315

CWE-89
 

 
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter.

 
2021-03-05
 
CVE-2021-27314

CWE-89
 

 
SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.

 
2021-03-01
 
CVE-2021-27318

CWE-79
 

 
Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter.

 
 
CVE-2021-27317

CWE-79
 

 
Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the comment parameter.

 
2021-02-18
 
CVE-2021-27124

CWE-89
 

 
SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack.

 


Copyright 2024, cxsecurity.com

 

Back to Top