VYPR

Doctor-Appointment

by Doctor-Appointment

CVEs (11)

  • CVE-2021-27314CriMar 5, 2021
    risk 0.65cvss 9.8epss 0.12

    SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.

  • CVE-2022-38946CriDec 9, 2024
    risk 0.64cvss 9.8epss 0.01

    Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary code.

  • CVE-2021-27320HigMar 24, 2021
    risk 0.49cvss 7.5epss 0.09

    Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter.

  • CVE-2021-27319HigMar 24, 2021
    risk 0.49cvss 7.5epss 0.08

    Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter.

  • CVE-2021-27316HigMar 24, 2021
    risk 0.49cvss 7.5epss 0.08

    Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter.

  • CVE-2021-27315HigMar 24, 2021
    risk 0.49cvss 7.5epss 0.08

    Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter.

  • CVE-2021-27124MedFeb 18, 2021
    risk 0.43cvss 6.5epss 0.06

    SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack.

  • CVE-2022-45729MedJan 12, 2023
    risk 0.40cvss 6.1epss 0.01

    A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee ID parameter.

  • CVE-2022-45728MedJan 12, 2023
    risk 0.40cvss 6.1epss 0.01

    Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability.

  • CVE-2021-27318MedMar 1, 2021
    risk 0.40cvss 6.1epss 0.01

    Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter.

  • CVE-2021-27317MedMar 1, 2021
    risk 0.40cvss 6.1epss 0.01

    Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the comment parameter.