Doctor appointment system
This hub aggregates every CVE we track for Doctor appointment system, a product in the web CMS plugins category. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 14
- Critical: 3
- High: 7
- In CISA KEV: 0
Severity distribution
HIGH: 7, MEDIUM: 4, CRITICAL: 3
Monthly trend
[Chart: monthly CVE counts, 2024-07 to 2026-06]
Latest CVEs
The 14 most recently published vulnerabilities affecting Doctor appointment system.
- CVE-2026-3302: SourceCodester Doctor Appointment System Sign Up register.php cross site scripting (CVSS 4.3)
- CVE-2025-3180: projectworlds Online Doctor Appointment Booking System deleteschedule.php sql injection (CVSS 7.3)
- CVE-2025-3179: projectworlds Online Doctor Appointment Booking System deletepatient.php sql injection (CVSS 7.3)
- CVE-2025-3178: projectworlds Online Doctor Appointment Booking System deleteappointment.php sql injection (CVSS 7.3)
- CVE-2023-40945: Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\myDetails.php. (CVSS 9.8)
- CVE-2023-39852: Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session... (CVSS 9.8)
- CVE-2021-27320: Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. (CVSS 7.5)
- CVE-2021-27319: Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter. (CVSS 7.5)
- CVE-2021-27316: Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter. (CVSS 7.5)
- CVE-2021-27315: Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter. (CVSS 7.5)
- CVE-2021-27314: SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page. (CVSS 9.8)
- CVE-2021-27317: Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the comment parameter. (CVSS 6.1)
- CVE-2021-27318: Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter. (CVSS 6.1)
- CVE-2021-27124: SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack. (CVSS 6.5)
Product normalization is registry-driven with AI assist and human review.