This PHP-based open source project is a web application for booking medical appointments. Patients can use the platform to easily schedule appointments with their doctors, saving time and effort. The project's source code is open for anyone to use, modify, and distribute according to their needs.
patient/appointment.php from line 54,The $sheduledate parameter is controllable, the parameter sheduledate can be passed through post, and the $sheduledate is not protected from sql injection, line 72 $result= $database->query($sqlmain); causes sql injection
Vulnerability file address
patient/appointment.php
from line 54,The $sheduledate parameter is controllable, the parameter sheduledate can be passed through post, and the $sheduledate is not protected from sql injection, line 72$result= $database->query($sqlmain);
causes sql injectionPOC
Attack results pictures