CVE-2021-41660

CRITICAL

Patient Appointment Scheduler System - SQL Injection via Login Username and Password Fields

Title source: llm
STIX 2.1

Description

SQL injection vulnerability in Sourcecodester Patient Appointment Scheduler System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password fields to login.php.

References (1)

Core 1
Core References

Scores

CVSS v3 9.8
EPSS 0.0125
EPSS Percentile 66.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
patient_appointment_scheduler_system_project/patient_appointment_scheduler_system 1.0
Published Jan 24, 2022
Tracked Since Feb 18, 2026