CVE-2023-1061

Опубликовано: 27 фев. 2023

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument email/oldmail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Ссылки

https://github.com/E1CHO/cve_hub/blob/main/edoc%20doctor%20appointment%20system/edoc%20doctor%20appointment%20system%20vlun4.pdf
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.221825
Permissions Required
VDB Entry
https://vuldb.com/?id.221825
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.95223
Third Party Advisory
VDB Entry
https://www.sourcecodester.com/
Product
https://github.com/E1CHO/cve_hub/blob/main/edoc%20doctor%20appointment%20system/edoc%20doctor%20appointment%20system%20vlun4.pdf
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.221825
Permissions Required
VDB Entry
https://vuldb.com/?id.221825
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:doctors_appointment_system_project:doctors_appointment_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.00053

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-5mv8-rhrv-42gh

CVSS3: 8.8

github

почти 3 года назад

A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument oldmail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221825 was assigned to this vulnerability.

EPSS

Процентиль: 16%

0.00053

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74