CVE-2023-39852

Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original reporter counterclaims that this originates from $_SESSION["userid"]=$_POST["userid"] at line 68 in doctors\doctorlogin.php, where userid under POST is not a session variable controlled by the server.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/KLSEHB/vulnerability-report/blob/main/Doctormms_CVE-2023-39852	Exploit Third Party Advisory
https://www.sourcecodester.com/php/14182/doctor-appointment-system.html	Product
https://github.com/KLSEHB/vulnerability-report/blob/main/Doctormms_CVE-2023-39852	Exploit Third Party Advisory
https://www.sourcecodester.com/php/14182/doctor-appointment-system.html	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:doctor_appointment_system_project:doctor_appointment_system:1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 08:15

Type	Values Removed	Values Added
References	~~() https://github.com/KLSEHB/vulnerability-report/blob/main/Doctormms_CVE-2023-39852 - Exploit, Third Party Advisory~~	() https://github.com/KLSEHB/vulnerability-report/blob/main/Doctormms_CVE-2023-39852 - Exploit, Third Party Advisory
References	~~() https://www.sourcecodester.com/php/14182/doctor-appointment-system.html - Product~~	() https://www.sourcecodester.com/php/14182/doctor-appointment-system.html - Product

Information

Published : 2023-08-15 21:15

Updated : 2024-11-21 08:15

NVD link : CVE-2023-39852

Mitre link : CVE-2023-39852

CVE.ORG link : CVE-2023-39852

JSON object : View

Products Affected

doctor_appointment_system_project

doctor_appointment_system

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2023-39852", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-08-15T21:15:09.907", "references": [{"url": "https://github.com/KLSEHB/vulnerability-report/blob/main/Doctormms_CVE-2023-39852", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.sourcecodester.com/php/14182/doctor-appointment-system.html", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/KLSEHB/vulnerability-report/blob/main/Doctormms_CVE-2023-39852", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.sourcecodester.com/php/14182/doctor-appointment-system.html", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original reporter counterclaims that this originates from $_SESSION[\"userid\"]=$_POST[\"userid\"] at line 68 in doctors\\doctorlogin.php, where userid under POST is not a session variable controlled by the server."}, {"lang": "es", "value": "** EN DISPUTA ** Se descubri\u00f3 que Doctormms v1.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro $userid en myAppointment.php. NOTA: esto lo cuestiona un tercero que afirma que el ID de usuario es una variable de sesi\u00f3n controlada por el servidor y, por lo tanto, no puede usarse para explotaci\u00f3n. El usuario que report\u00f3 la vulnerabilidad originalmente contraargumenta que esto se origina en $_SESSION[\"userid\"]=$_POST[\"userid\"] en la l\u00ednea 68 en doctors\\doctorlogin.php, donde el ID de usuario en POST no es una variable de sesi\u00f3n controlada por el servidor."}], "lastModified": "2024-11-21T08:15:59.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:doctor_appointment_system_project:doctor_appointment_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68074324-B3A0-4D9A-B66B-CB3E1DDE661F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}