CVE-2021-27124

MEDIUM NUCLEI

Doctor Appointment System - SQL Injection

Title source: rule

Description

SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack.

Nuclei Templates (1)

Doctor Appointment System 1.0 - SQL Injection

MEDIUMVERIFIEDby theamanrawat

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/161342/Doctor-Appointment-System-1.0-SQL-Injection.html

[Exploit, Third Party Advisory] https://naku-ratti.medium.com/doctor-appointment-system-1-0-authenticated-sql-dios-7689b1d30f5f

[Product] https://www.sourcecodester.com/php/14182/doctor-appointment-system.html

Scores

CVSS v3 6.5

EPSS 0.2229

EPSS Percentile 95.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-89

Status published

Products (1)

doctor_appointment_system_project/doctor_appointment_system 1.0

Published Feb 18, 2021

Tracked Since Feb 18, 2026