Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
18 vulnerabilities by hashenudara
CVE-2025-66918 (GCVE-0-2025-66918)
Vulnerability from nvd – Published: 2025-12-11 00:00 – Updated: 2025-12-11 19:44
VLAI
EPSS
VEX
Summary
edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting (XSS) in admin/add-session.php via the "title" parameter.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-66918",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T19:39:52.954519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T19:44:48.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting (XSS) in admin/add-session.php via the \"title\" parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T17:34:03.993Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"url": "https://github.com/omkaryepre/vulnerability-research/blob/main/CVE-2025-66918/readme.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-66918",
"datePublished": "2025-12-11T00:00:00.000Z",
"dateReserved": "2025-12-08T00:00:00.000Z",
"dateUpdated": "2025-12-11T19:44:48.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65358 (GCVE-0-2025-65358)
Vulnerability from nvd – Published: 2025-12-02 00:00 – Updated: 2025-12-03 14:59
VLAI
EPSS
VEX
Summary
Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-65358",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T14:58:04.839162Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T14:59:06.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the \u0027docid\u0027 parameter at /admin/appointment.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:25:13.913Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"url": "https://github.com/omkaryepre/vulnerability-research/tree/main/CVE-2025-65358"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-65358",
"datePublished": "2025-12-02T00:00:00.000Z",
"dateReserved": "2025-11-18T00:00:00.000Z",
"dateUpdated": "2025-12-03T14:59:06.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-36548 (GCVE-0-2022-36548)
Vulnerability from nvd – Published: 2022-08-26 20:37 – Updated: 2024-08-03 10:07
VLAI
EPSS
VEX
Summary
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/HashenUdara/edoc-doctor-appoin… | x_refsource_MISC |
| https://github.com/onEpAth936/cve/blob/master/bug… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Stored%20Cross%20Site%20Scripting%20%28XSS%29.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-26T20:37:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Stored%20Cross%20Site%20Scripting%20%28XSS%29.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/HashenUdara/edoc-doctor-appointment-system",
"refsource": "MISC",
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"name": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Stored%20Cross%20Site%20Scripting%20(XSS).md",
"refsource": "MISC",
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Stored%20Cross%20Site%20Scripting%20(XSS).md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36548",
"datePublished": "2022-08-26T20:37:53.000Z",
"dateReserved": "2022-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:07:34.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36547 (GCVE-0-2022-36547)
Vulnerability from nvd – Published: 2022-08-26 20:37 – Updated: 2024-08-03 10:07
VLAI
EPSS
VEX
Summary
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/HashenUdara/edoc-doctor-appoin… | x_refsource_MISC |
| https://github.com/onEpAth936/cve/blob/master/bug… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Reflected%20Cross%20Site%20Scripting%20%28XSS%29.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-26T20:37:52.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Reflected%20Cross%20Site%20Scripting%20%28XSS%29.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/HashenUdara/edoc-doctor-appointment-system",
"refsource": "MISC",
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"name": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Reflected%20Cross%20Site%20Scripting%20(XSS).md",
"refsource": "MISC",
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Reflected%20Cross%20Site%20Scripting%20(XSS).md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36547",
"datePublished": "2022-08-26T20:37:52.000Z",
"dateReserved": "2022-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:07:34.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36546 (GCVE-0-2022-36546)
Vulnerability from nvd – Published: 2022-08-26 20:37 – Updated: 2024-08-03 10:07
VLAI
EPSS
VEX
Summary
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/HashenUdara/edoc-doctor-appoin… | x_refsource_MISC |
| https://github.com/onEpAth936/cve/blob/master/bug… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-26T20:37:52.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/HashenUdara/edoc-doctor-appointment-system",
"refsource": "MISC",
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"name": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md",
"refsource": "MISC",
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36546",
"datePublished": "2022-08-26T20:37:52.000Z",
"dateReserved": "2022-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:07:34.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36545 (GCVE-0-2022-36545)
Vulnerability from nvd – Published: 2022-08-26 20:37 – Updated: 2024-08-03 10:07
VLAI
EPSS
VEX
Summary
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/HashenUdara/edoc-doctor-appoin… | x_refsource_MISC |
| https://github.com/onEpAth936/cve/blob/master/bug… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-26T20:37:51.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/HashenUdara/edoc-doctor-appointment-system",
"refsource": "MISC",
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"name": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md",
"refsource": "MISC",
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36545",
"datePublished": "2022-08-26T20:37:51.000Z",
"dateReserved": "2022-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:07:34.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36544 (GCVE-0-2022-36544)
Vulnerability from nvd – Published: 2022-08-26 20:37 – Updated: 2024-08-03 10:07
VLAI
EPSS
VEX
Summary
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/HashenUdara/edoc-doctor-appoin… | x_refsource_MISC |
| https://github.com/onEpAth936/cve/blob/master/bug… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-26T20:37:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/HashenUdara/edoc-doctor-appointment-system",
"refsource": "MISC",
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"name": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md",
"refsource": "MISC",
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36544",
"datePublished": "2022-08-26T20:37:50.000Z",
"dateReserved": "2022-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:07:34.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36543 (GCVE-0-2022-36543)
Vulnerability from nvd – Published: 2022-08-26 20:37 – Updated: 2024-08-03 10:07
VLAI
EPSS
VEX
Summary
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/HashenUdara/edoc-doctor-appoin… | x_refsource_MISC |
| https://github.com/onEpAth936/cve/blob/master/bug… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-26T20:37:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/HashenUdara/edoc-doctor-appointment-system",
"refsource": "MISC",
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"name": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md",
"refsource": "MISC",
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36543",
"datePublished": "2022-08-26T20:37:50.000Z",
"dateReserved": "2022-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:07:34.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36542 (GCVE-0-2022-36542)
Vulnerability from nvd – Published: 2022-08-26 20:37 – Updated: 2024-08-03 10:07
VLAI
EPSS
VEX
Summary
An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/onEpAth936/cve/blob/master/bug… | x_refsource_MISC |
| https://github.com/HashenUdara/edoc-doctor-appoin… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-26T20:37:48.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system",
"refsource": "MISC",
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system"
},
{
"name": "https://github.com/HashenUdara/edoc-doctor-appointment-system",
"refsource": "MISC",
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36542",
"datePublished": "2022-08-26T20:37:48.000Z",
"dateReserved": "2022-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:07:34.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-66918 (GCVE-0-2025-66918)
Vulnerability from cvelistv5 – Published: 2025-12-11 00:00 – Updated: 2025-12-11 19:44
VLAI
EPSS
VEX
Summary
edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting (XSS) in admin/add-session.php via the "title" parameter.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-66918",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T19:39:52.954519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T19:44:48.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting (XSS) in admin/add-session.php via the \"title\" parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T17:34:03.993Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"url": "https://github.com/omkaryepre/vulnerability-research/blob/main/CVE-2025-66918/readme.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-66918",
"datePublished": "2025-12-11T00:00:00.000Z",
"dateReserved": "2025-12-08T00:00:00.000Z",
"dateUpdated": "2025-12-11T19:44:48.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65358 (GCVE-0-2025-65358)
Vulnerability from cvelistv5 – Published: 2025-12-02 00:00 – Updated: 2025-12-03 14:59
VLAI
EPSS
VEX
Summary
Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-65358",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T14:58:04.839162Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T14:59:06.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the \u0027docid\u0027 parameter at /admin/appointment.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:25:13.913Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"url": "https://github.com/omkaryepre/vulnerability-research/tree/main/CVE-2025-65358"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-65358",
"datePublished": "2025-12-02T00:00:00.000Z",
"dateReserved": "2025-11-18T00:00:00.000Z",
"dateUpdated": "2025-12-03T14:59:06.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-36548 (GCVE-0-2022-36548)
Vulnerability from cvelistv5 – Published: 2022-08-26 20:37 – Updated: 2024-08-03 10:07
VLAI
EPSS
VEX
Summary
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/HashenUdara/edoc-doctor-appoin… | x_refsource_MISC |
| https://github.com/onEpAth936/cve/blob/master/bug… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Stored%20Cross%20Site%20Scripting%20%28XSS%29.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-26T20:37:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Stored%20Cross%20Site%20Scripting%20%28XSS%29.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/HashenUdara/edoc-doctor-appointment-system",
"refsource": "MISC",
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"name": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Stored%20Cross%20Site%20Scripting%20(XSS).md",
"refsource": "MISC",
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Stored%20Cross%20Site%20Scripting%20(XSS).md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36548",
"datePublished": "2022-08-26T20:37:53.000Z",
"dateReserved": "2022-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:07:34.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36546 (GCVE-0-2022-36546)
Vulnerability from cvelistv5 – Published: 2022-08-26 20:37 – Updated: 2024-08-03 10:07
VLAI
EPSS
VEX
Summary
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/HashenUdara/edoc-doctor-appoin… | x_refsource_MISC |
| https://github.com/onEpAth936/cve/blob/master/bug… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-26T20:37:52.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/HashenUdara/edoc-doctor-appointment-system",
"refsource": "MISC",
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"name": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md",
"refsource": "MISC",
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36546",
"datePublished": "2022-08-26T20:37:52.000Z",
"dateReserved": "2022-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:07:34.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36547 (GCVE-0-2022-36547)
Vulnerability from cvelistv5 – Published: 2022-08-26 20:37 – Updated: 2024-08-03 10:07
VLAI
EPSS
VEX
Summary
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/HashenUdara/edoc-doctor-appoin… | x_refsource_MISC |
| https://github.com/onEpAth936/cve/blob/master/bug… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Reflected%20Cross%20Site%20Scripting%20%28XSS%29.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-26T20:37:52.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Reflected%20Cross%20Site%20Scripting%20%28XSS%29.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/HashenUdara/edoc-doctor-appointment-system",
"refsource": "MISC",
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"name": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Reflected%20Cross%20Site%20Scripting%20(XSS).md",
"refsource": "MISC",
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Reflected%20Cross%20Site%20Scripting%20(XSS).md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36547",
"datePublished": "2022-08-26T20:37:52.000Z",
"dateReserved": "2022-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:07:34.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36545 (GCVE-0-2022-36545)
Vulnerability from cvelistv5 – Published: 2022-08-26 20:37 – Updated: 2024-08-03 10:07
VLAI
EPSS
VEX
Summary
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/HashenUdara/edoc-doctor-appoin… | x_refsource_MISC |
| https://github.com/onEpAth936/cve/blob/master/bug… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-26T20:37:51.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/HashenUdara/edoc-doctor-appointment-system",
"refsource": "MISC",
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"name": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md",
"refsource": "MISC",
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36545",
"datePublished": "2022-08-26T20:37:51.000Z",
"dateReserved": "2022-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:07:34.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36544 (GCVE-0-2022-36544)
Vulnerability from cvelistv5 – Published: 2022-08-26 20:37 – Updated: 2024-08-03 10:07
VLAI
EPSS
VEX
Summary
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/HashenUdara/edoc-doctor-appoin… | x_refsource_MISC |
| https://github.com/onEpAth936/cve/blob/master/bug… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-26T20:37:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/HashenUdara/edoc-doctor-appointment-system",
"refsource": "MISC",
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"name": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md",
"refsource": "MISC",
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36544",
"datePublished": "2022-08-26T20:37:50.000Z",
"dateReserved": "2022-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:07:34.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36543 (GCVE-0-2022-36543)
Vulnerability from cvelistv5 – Published: 2022-08-26 20:37 – Updated: 2024-08-03 10:07
VLAI
EPSS
VEX
Summary
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/HashenUdara/edoc-doctor-appoin… | x_refsource_MISC |
| https://github.com/onEpAth936/cve/blob/master/bug… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-26T20:37:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/HashenUdara/edoc-doctor-appointment-system",
"refsource": "MISC",
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
},
{
"name": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md",
"refsource": "MISC",
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system/Multiple%20SQL%20injection.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36543",
"datePublished": "2022-08-26T20:37:50.000Z",
"dateReserved": "2022-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:07:34.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36542 (GCVE-0-2022-36542)
Vulnerability from cvelistv5 – Published: 2022-08-26 20:37 – Updated: 2024-08-03 10:07
VLAI
EPSS
VEX
Summary
An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/onEpAth936/cve/blob/master/bug… | x_refsource_MISC |
| https://github.com/HashenUdara/edoc-doctor-appoin… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-26T20:37:48.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system",
"refsource": "MISC",
"url": "https://github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system"
},
{
"name": "https://github.com/HashenUdara/edoc-doctor-appointment-system",
"refsource": "MISC",
"url": "https://github.com/HashenUdara/edoc-doctor-appointment-system"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36542",
"datePublished": "2022-08-26T20:37:48.000Z",
"dateReserved": "2022-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:07:34.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}