CVE-2021-27314
CRITICAL NUCLEIDoctor Appointment System 1.0 - SQL Injection
Title source: llmExploitation Summary
CVE-2021-27314 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.
Nuclei Templates (1)
Doctor Appointment System 1.0 - SQL Injection
CRITICALVERIFIEDby theamanrawat
References (1)
Core 1
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/161641/Doctor-Appointment-System-1.0-SQL-Injection.html
Scores
CVSS v3
9.8
EPSS
0.1239
EPSS Percentile
95.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
doctor_appointment_system_project/doctor_appointment_system
1.0
Published
Mar 05, 2021
Tracked Since
Feb 18, 2026