Doctor Appointment System 1.0 SQL Injection [CVE-2021-27314]

CVE number = CVE-2021-27314

SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.

The comment parameter has no input validation.

Please update in order to resolve this issue.

Further information – https://packetstormsecurity.com/files/161641/Doctor-Appointment-System-1.0-SQL-Injection.html

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: