EUVD-2026-17311
GHSA-3px2-4mjj-vhr8
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A vulnerability was detected in SourceCodester Simple Doctors Appointment System 1.0. This affects an unknown part of the file /admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
Analysis
SQL injection in SourceCodester Simple Doctors Appointment System 1.0 allows remote unauthenticated attackers to extract, modify, or delete database contents via the Username parameter in /admin/login.php. Publicly available exploit code exists (GitHub POC), enabling trivial exploitation with no authentication required. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Immediately disconnect or isolate any instances of SourceCodester Simple Doctors Appointment System 1.0 from internet access; implement Web Application Firewall (WAF) rules to block SQL injection patterns in the /admin/login.php Username parameter. Within 7 days: Conduct database audit to identify unauthorized access or modifications since deployment; evaluate alternative appointment management systems with security patch support. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today