Headline
CVE-2022-36548: GitHub - HashenUdara/edoc-doctor-appointment-system: Simple web project that made for e-channeling.
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field.
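An added example (not code from the edoc project or from the advisory) of the defence against this class of bug: validate the Name value before it is stored, and HTML-encode it every time it is written back into a page. The function names and sample values are hypothetical, and the unencoded echo is an illustrative pattern, not the project's actual code.

```php
<?php
declare(strict_types=1);

// Added illustration. Function names are hypothetical and are not taken
// from the edoc code base; the sample values below are constructed.

/**
 * Input side: accept only a plausible personal name before it is stored.
 * Returns the trimmed name, or null when the value must be rejected.
 */
function validate_patient_name(string $raw): ?string
{
    $name = trim($raw);
    // 1-100 Unicode letters/marks plus space, dot, apostrophe and hyphen.
    $ok = preg_match('/\A[\p{L}\p{M} .\'-]{1,100}\z/u', $name) === 1;
    return $ok ? $name : null;
}

/**
 * Output side: encode a stored value for HTML text or a quoted attribute.
 * ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
 * UTF-8 instead of returning an empty string.
 */
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed values standing in for Name column rows read back from the DB.
$storedNames = [
    "Anne-Marie O'Neil",
    '<script>alert(1)</script>', // markup saved before validation existed
    '"><b>x</b>',                // tries to close the value="" attribute
];

foreach ($storedNames as $name) {
    $accepted = validate_patient_name($name) !== null ? 'yes' : 'no';
    // Illustrative unencoded echo: the stored value becomes live markup.
    $raw = '<input type="text" name="name" value="' . $name . '">';
    // Encoded echo: the same value is rendered as inert text.
    $safe = '<input type="text" name="name" value="' . html_out($name) . '">';
    printf("accepted on input: %s\n  raw:     %s\n  encoded: %s\n", $accepted, $raw, $safe);
}
```

Encoding at output is the control that closes the bug; input validation only narrows what can be stored and does not protect rows already in the database.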
edoc-echanneling
A simple web project made for e-channeling. This project helps the clients/patients of a medical establishment such as a clinic or a hospital to request an appointment with a doctor online. It can also help doctors to manage the schedules of their appointments with their patients. The doctor's appointment system organizes the schedule of each patient's appointment, which is submitted as a request to the doctor they have selected. The system has 3 sides: the administrator, the doctor, and the patient. The system admin populates the list of doctors with their specialties, along with the doctor's details and system credentials. Patients browse the doctor's appointment system website to find a doctor who has the specialty they need. The patient can check the doctor's weekly schedule to choose a day and time that suits them for the appointment, and then submit their request for an appointment. After that, the doctors can view all their appointments and the patients' appointment requests for their availability.
1. Admin
Admin can add doctors, edit doctors, delete doctors;
Schedule new doctor sessions, remove sessions;
View patients details;
View booking of patients;
2. Doctors
View their appointments;
View their scheduled sessions;
View details of patients;
Delete account;
Edit account settings;
3. Patients (Clients)
Make appointments online;
Create accounts themselves;
View their old bookings;
Delete account;
Edit account settings;
Whether you are an admin, doctor or patient, there is only one page to log in :)
HOW TO GET STARTED
Open your XAMPP Control Panel and start Apache and MySQL.
Extract the downloaded source code zip file.
Copy the extracted source code folder and paste it into the XAMPP’s “htdocs” directory.
Open phpMyAdmin in a browser, i.e. http://localhost/phpmyadmin
Create a new database named edoc.
Import the provided SQL file. The file is known as DATABASE edoc.sql located inside the source code root folder.
Open the Doctor's Appointment System in a browser, i.e. http://localhost/edoc-echanneling-main/.
DATABASE NAME: ‘edoc’
BUILT-IN USER ACCOUNTS OF THIS PROJECT
ADMIN EMAIL: [email protected]
ADMIN PASSWORD: 123
DOCTOR EMAIL: [email protected]
DOCTOR PASSWORD: 123
PATIENT EMAIL: [email protected]
PATIENT PASSWORD: 123
The Project was developed using the following:
Apache Version: 2.4.39
PHP Version: 7.3.5
Server Software: Apache/2.4.39 (Win64) PHP/7.3.5
MySQL Version: 5.7.26
Also available on sourcecodester.com: https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html
Demo video: https://youtu.be/mAWHYAHmit4