mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
806 B
806 B
CVE-2021-27124
Description
SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack.
POC
Reference
- http://packetstormsecurity.com/files/161342/Doctor-Appointment-System-1.0-SQL-Injection.html
- https://naku-ratti.medium.com/doctor-appointment-system-1-0-authenticated-sql-dios-7689b1d30f5f
Github
No PoCs found on GitHub currently.