Doctor Appointment System
by Remyandrade
CVEs (27)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-9603 | Med | 0.42 | 6.5 | 0.00 | May 26, 2026 | A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization. Remote exploitation of the attack is possible.… | ||
| CVE-2026-3302 | Med | 0.28 | 4.3 | 0.00 | Feb 27, 2026 | A weakness has been identified in SourceCodester Doctor Appointment System 1.0. Affected by this issue is some unknown functionality of the file /register.php of the component Sign Up Page. Executing a manipulation of the argument Email can lead to cross site scripting. The… | ||
| CVE-2021-27320 | 0.02 | — | 0.09 | Mar 24, 2021 | Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. | |||
| CVE-2025-66918 | 0.00 | — | 0.00 | Dec 11, 2025 | edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting (XSS) in admin/add-session.php via the "title" parameter. | |||
| CVE-2025-65358 | 0.00 | — | 0.00 | Dec 2, 2025 | Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php. | |||
| CVE-2025-45805 | 0.00 | — | 0.00 | Sep 3, 2025 | In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an… | |||
| CVE-2025-50493 | 0.00 | — | 0.00 | Jul 28, 2025 | Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack. | |||
| CVE-2025-2649 | 0.00 | — | 0.00 | Mar 23, 2025 | A vulnerability classified as critical was found in PHPGurukul Doctor Appointment Management System 1.0. This vulnerability affects unknown code of the file /check-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated… | |||
| CVE-2025-2640 | 0.00 | — | 0.00 | Mar 23, 2025 | A vulnerability was found in PHPGurukul Doctor Appointment Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /doctor/appointment-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql… | |||
| CVE-2025-2383 | 0.00 | — | 0.00 | Mar 17, 2025 | A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql injection. The… | |||
| CVE-2024-48807 | 0.00 | — | 0.00 | Oct 30, 2024 | Cross Site Scripting vulnerability in PHPGurukul Doctor Appointment Management System v.1.0 allows a local attacker to execute arbitrary code via the search parameter. | |||
| CVE-2024-4294 | 0.00 | — | 0.01 | Apr 27, 2024 | A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/view-appointment-detail.php. The manipulation of the argument editid leads to… | |||
| CVE-2024-4293 | 0.00 | — | 0.01 | Apr 27, 2024 | A vulnerability classified as problematic was found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file appointment-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to… | |||
| CVE-2023-40945 | 0.00 | — | 0.01 | Sep 11, 2023 | Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\myDetails.php. | |||
| CVE-2023-4219 | 0.00 | — | 0.01 | Aug 8, 2023 | A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument useremail leads to sql injection. The attack can be… | |||
| CVE-2023-1063 | 0.00 | — | 0.01 | Feb 27, 2023 | A vulnerability has been found in SourceCodester Doctors Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/patient.php of the component Parameter Handler. The manipulation of the argument search leads… | |||
| CVE-2023-1062 | 0.00 | — | 0.01 | Feb 27, 2023 | A vulnerability, which was classified as critical, was found in SourceCodester Doctors Appointment System 1.0. Affected is an unknown function of the file /admin/add-new.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. It is… | |||
| CVE-2023-1061 | 0.00 | — | 0.01 | Feb 27, 2023 | A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument email/oldmail leads to sql injection. The attack may… | |||
| CVE-2023-1059 | 0.00 | — | 0.01 | Feb 27, 2023 | A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search/id leads to sql injection. The… | |||
| CVE-2023-1058 | 0.00 | — | 0.01 | Feb 27, 2023 | A vulnerability classified as critical has been found in SourceCodester Doctors Appointment System 1.0. This affects an unknown part of the file create-account.php. The manipulation of the argument newemail leads to sql injection. It is possible to initiate the attack remotely.… |
- risk 0.42cvss 6.5epss 0.00
A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization. Remote exploitation of the attack is possible.…
- risk 0.28cvss 4.3epss 0.00
A weakness has been identified in SourceCodester Doctor Appointment System 1.0. Affected by this issue is some unknown functionality of the file /register.php of the component Sign Up Page. Executing a manipulation of the argument Email can lead to cross site scripting. The…
- CVE-2021-27320Mar 24, 2021risk 0.02cvss —epss 0.09
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter.
- CVE-2025-66918Dec 11, 2025risk 0.00cvss —epss 0.00
edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting (XSS) in admin/add-session.php via the "title" parameter.
- CVE-2025-65358Dec 2, 2025risk 0.00cvss —epss 0.00
Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php.
- CVE-2025-45805Sep 3, 2025risk 0.00cvss —epss 0.00
In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an…
- CVE-2025-50493Jul 28, 2025risk 0.00cvss —epss 0.00
Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack.
- CVE-2025-2649Mar 23, 2025risk 0.00cvss —epss 0.00
A vulnerability classified as critical was found in PHPGurukul Doctor Appointment Management System 1.0. This vulnerability affects unknown code of the file /check-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated…
- CVE-2025-2640Mar 23, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in PHPGurukul Doctor Appointment Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /doctor/appointment-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql…
- CVE-2025-2383Mar 17, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql injection. The…
- CVE-2024-48807Oct 30, 2024risk 0.00cvss —epss 0.00
Cross Site Scripting vulnerability in PHPGurukul Doctor Appointment Management System v.1.0 allows a local attacker to execute arbitrary code via the search parameter.
- CVE-2024-4294Apr 27, 2024risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/view-appointment-detail.php. The manipulation of the argument editid leads to…
- CVE-2024-4293Apr 27, 2024risk 0.00cvss —epss 0.01
A vulnerability classified as problematic was found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file appointment-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to…
- CVE-2023-40945Sep 11, 2023risk 0.00cvss —epss 0.01
Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\myDetails.php.
- CVE-2023-4219Aug 8, 2023risk 0.00cvss —epss 0.01
A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument useremail leads to sql injection. The attack can be…
- CVE-2023-1063Feb 27, 2023risk 0.00cvss —epss 0.01
A vulnerability has been found in SourceCodester Doctors Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/patient.php of the component Parameter Handler. The manipulation of the argument search leads…
- CVE-2023-1062Feb 27, 2023risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, was found in SourceCodester Doctors Appointment System 1.0. Affected is an unknown function of the file /admin/add-new.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. It is…
- CVE-2023-1061Feb 27, 2023risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument email/oldmail leads to sql injection. The attack may…
- CVE-2023-1059Feb 27, 2023risk 0.00cvss —epss 0.01
A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search/id leads to sql injection. The…
- CVE-2023-1058Feb 27, 2023risk 0.00cvss —epss 0.01
A vulnerability classified as critical has been found in SourceCodester Doctors Appointment System 1.0. This affects an unknown part of the file create-account.php. The manipulation of the argument newemail leads to sql injection. It is possible to initiate the attack remotely.…
Page 1 of 2