CVE-2023-39852

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published: Aug 15, 2023
Updated: Aug 2, 2024
CWE ID: 89

Summary

Doctormms v1.0 is reported to contain a SQL injection vulnerability that is potentially exploitable through the $userid parameter in myAppoinment.php. A third party disputes this claim, arguing that userid is a session variable controlled by the server and is therefore unlikely to be manipulated for malicious purposes. The original reporter asserts that userid originates from an uncontrolled $_POST variable at line 68 of doctors/doctorlogin.php. The validity of this vulnerability remains disputed.
