CVE-2022-36202
CRITICALDoctor's Appointment System 1.0 - Info Disclosure
Title source: llmDescription
Doctor's Appointment System1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via id= parameter.
References (3)
Core 3
Core References
Not Applicable, URL Repurposed x_refsource_misc
http://hshnudr.com
Product x_refsource_misc
https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html
Scores
CVSS v3
9.8
EPSS
0.0043
EPSS Percentile
62.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-639
Status
published
Products (1)
doctor\'s_appointment_system_project/doctor\'s_appointment_system
1.0
Published
Aug 31, 2022
Tracked Since
Feb 18, 2026