doctor_appointment_system_project CVE 脆弱性と CVE 一覧(10)

製品(CPE): — CVE 件数: 10

doctor_appointment_system_project 脆弱性概要

doctor_appointment_system_project 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

過去の問題は主に vendor risk sql injection and vendor risk cross-site scripting などに関し、一部は vendor impact data exposure を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 110 / 10 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2023-40945 Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\myDetails.php. [email protected] 9.8 0.75% 2023-09-11 2026-06-17
CVE-2023-39852 Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original reporter counterclaims that this originates from $_SESSION["userid"]=$_POST["userid"] at line 68 in doctors\doctorlogin.php, where userid under POST is not a session variable controlled by the server. [email protected] 9.8 0.77% 2023-08-15 2026-06-17
CVE-2021-27320 Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. [email protected] 7.5 9.30% 2021-03-24 2026-06-16
CVE-2021-27319 Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter. [email protected] 7.5 7.83% 2021-03-24 2026-06-16
CVE-2021-27316 Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter. [email protected] 7.5 7.83% 2021-03-24 2026-06-16
CVE-2021-27315 Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter. [email protected] 7.5 7.83% 2021-03-24 2026-06-16
CVE-2021-27314 SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page. [email protected] 9.8 12.39% 2021-03-04 2026-06-16
CVE-2021-27318 Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter. [email protected] 6.1 1.49% 2021-03-01 2026-06-16
CVE-2021-27317 Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the comment parameter. [email protected] 6.1 1.31% 2021-03-01 2026-06-16
CVE-2021-27124 SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack. [email protected] 6.5 5.72% 2021-02-17 2026-06-16
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence