.. / CVE-2021-27314

Exploit for Doctor Appointment System 1.0 - SQL Injection (CVE-2021-27314)

Description:

SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.

Nuclei Template

View the template here CVE-2021-27314.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-27314.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-27314
https://www.sourcecodester.com/php/14182/doctor-appointment-system.html
http://packetstormsecurity.com/files/161642/Doctor-Appointment-System-1.0-Blind-SQL-Injection.html

.. / CVE-2021-27314 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Doctor Appointment System 1.0 - SQL Injection (CVE-2021-27314)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-27314