Online Doctor Appointment Booking System PHP and Mysql project の Online Doctor Appointment Booking System PHP and Mysql における SQL インジェクションの脆弱性
| Title |
Online Doctor Appointment Booking System PHP and Mysql project の Online Doctor Appointment Booking System PHP and Mysql における SQL インジェクションの脆弱性
|
| Summary |
Online Doctor Appointment Booking System PHP and Mysql project の Online Doctor Appointment Booking System PHP and Mysql には、SQL インジェクションの脆弱性が存在します。
|
| Possible impacts |
情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution |
参考情報を参照して適切な対策を実施してください。 |
| Publication Date |
April 3, 2025, midnight |
| Registration Date |
April 16, 2025, 10:35 a.m. |
| Last Update |
April 16, 2025, 10:35 a.m. |
|
CVSS3.0 : 緊急
|
| Score |
9.8
|
| Vector |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
CVSS2.0 : 危険
|
| Score |
7.5
|
| Vector |
AV:N/AC:L/Au:N/C:P/I:P/A:P |
Affected System
| Online Doctor Appointment Booking System PHP and Mysql project |
|
Online Doctor Appointment Booking System PHP and Mysql 1.0
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
その他
Change Log
| No |
Changed Details |
Date of change |
| 1 |
[2025年04月16日] 掲載 |
April 16, 2025, 10:34 a.m. |
NVD Vulnerability Information
CVE-2025-3184
| Summary |
A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This issue affects some unknown processing of the file /patient/profile.php?patientId=1. The manipulation of the argument patientFirstName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
|
| Publication Date |
April 4, 2025, 8:15 a.m. |
| Registration Date |
April 5, 2025, 4:02 a.m. |
| Last Update |
April 5, 2025, 3:15 a.m. |
Related information, measures and tools
Common Vulnerabilities List