CVE-2022-36202

Published: Aug 31, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Doctor's Appointment System1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via id= parameter.

Affected (1)

Products: Doctor's Appointment System Project: Doctor's Appointment System

Doctor's Appointment System Project

1 product

Doctor's Appointment System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Doctor's Appointment System Project Doctor's Appointment System	Version 1.0

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (6)

http://hshnudr.com

Source: cve@mitre.org

Not ApplicableURL Repurposed

https://github.com/aznull/CVEs

Source: cve@mitre.org

Third Party Advisory

https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html

Source: cve@mitre.org

Product

http://hshnudr.com

Source: af854a3a-2127-422b-91ae-364da2661108

Not ApplicableURL Repurposed

https://github.com/aznull/CVEs

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.