CVE-2023-1059

A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search/id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

cpe:2.3:a:doctors_appointment_system_project:doctors_appointment_system:1.0:*:*:*:*:*:*:*

History

17 May 2025, 10:15

Type Values Removed Values Added
References
  • () https://vuldb.com/?submit.95222 -
  • () https://www.sourcecodester.com/ -
CWE CWE-74
Summary (en) A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221824. (en) A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search/id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

21 Nov 2024, 07:38

Type Values Removed Values Added
CVSS v2 : 6.5
v3 : 8.8
v2 : 6.5
v3 : 6.3
References () https://github.com/E1CHO/cve_hub/blob/main/edoc%20doctor%20appointment%20system/edoc%20doctor%20appointment%20system%20vlun3.pdf - Exploit, Third Party Advisory () https://github.com/E1CHO/cve_hub/blob/main/edoc%20doctor%20appointment%20system/edoc%20doctor%20appointment%20system%20vlun3.pdf - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.221824 - Permissions Required () https://vuldb.com/?ctiid.221824 - Permissions Required
References () https://vuldb.com/?id.221824 - Permissions Required () https://vuldb.com/?id.221824 - Permissions Required

Information

Published : 2023-02-27 12:15

Updated : 2025-05-17 10:15


NVD link : CVE-2023-1059

Mitre link : CVE-2023-1059

CVE.ORG link : CVE-2023-1059


JSON object : View

Products Affected

doctors_appointment_system_project

  • doctors_appointment_system
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')