SQL Injection - CVE-2022-36544

If users input anything other than id= followed by a character, they could inject arbitrary SQL code and grant access to their own account. This may lead to information disclosure, incorrect data being stored, or even a system crash. There is no patch for this issue. To stay protected, we recommend enabling the auto-parsing of all input fields in your server.

Vulnerability Discovery

A vulnerability has been discovered in the MySQL database management system.
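
Added example, not code from the affected application: the id parameter described above handled the unsafe way (concatenated into the query text) and the hardened way (strict validation plus a bound parameter). The table, sample rows and function names are assumptions, and in-memory SQLite stands in for MySQL so the block runs offline.

```python
import re
import sqlite3

ID_RE = re.compile(r"[0-9]{1,9}")  # ASCII digits only, bounded length


def make_db():
    """Constructed sample data; SQLite stands in for the MySQL backend."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db


def parse_id(raw):
    """Accept a short run of decimal digits and nothing else."""
    if not isinstance(raw, str) or not ID_RE.fullmatch(raw):
        raise ValueError("id must be 1-9 decimal digits")
    return int(raw)


def lookup_concatenated(db, raw_id):
    """'Before' form: the parameter becomes part of the SQL text."""
    sql = "SELECT id, owner FROM accounts WHERE id = " + raw_id
    return db.execute(sql).fetchall()


def lookup_bound(db, raw_id):
    """Hardened form: validate first, then pass the value as a bound
    parameter so it can never be parsed as SQL."""
    sql = "SELECT id, owner FROM accounts WHERE id = ?"
    return db.execute(sql, (parse_id(raw_id),)).fetchall()


def rows_or_rejected(fn, db, raw_id):
    """Run a lookup and report a validation failure as 'rejected'."""
    try:
        return fn(db, raw_id)
    except ValueError:
        return "rejected"


if __name__ == "__main__":
    db = make_db()
    for raw in ["2", "2 OR 1=1"]:  # constructed inputs
        print(repr(raw), "concatenated:", lookup_concatenated(db, raw))
        print(repr(raw), "bound:       ", rows_or_rejected(lookup_bound, db, raw))
```

With the malformed value, the concatenated query returns every row in the table, while the bound version rejects the input before any query runs.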

Timeline

Published on: 08/26/2022 21:15:00 UTC
Last modified on: 08/31/2022 18:38:00 UTC

References