
CVE-2022-36548: GitHub - HashenUdara/edoc-doctor-appointment-system: Simple web project that made for e-channeling.

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field.
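The usual mitigation for a stored XSS like the one described above is to validate the Name value when it is saved and to HTML-encode it wherever it is rendered. The PHP below is an added example, not code from the edoc project: the helper names `e` and `validate_name`, the name policy and the sample inputs are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the project's real /patient/settings.php code is not
// shown on this page, so nothing here is taken from it.

/** Encode a stored value for an HTML text or quoted-attribute context. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Validate a submitted name before it is saved; returns null when rejected. */
function validate_name(string $raw): ?string
{
    $name = trim($raw);
    // Assumed policy: 1-100 letters, combining marks, spaces, dot, apostrophe, hyphen.
    if (preg_match('/\A[\p{L}\p{M} .\'-]{1,100}\z/u', $name) !== 1) {
        return null;
    }
    return $name;
}

// Constructed sample inputs for the Name field.
$samples = ['Test Patient', "Anne-Marie O'Neil", '<script>alert(1)</script>'];

foreach ($samples as $raw) {
    $accepted = validate_name($raw);
    printf("input:    %s\n", $raw);
    printf("saved:    %s\n", $accepted === null ? '(rejected)' : $accepted);
    // Unsafe pattern: the stored value is placed into the page as-is.
    printf("raw html: <input name=\"name\" value=\"%s\">\n", $raw);
    // Hardened: encode at output, even for values that passed validation,
    // because rows saved before the fix may still hold markup.
    printf("encoded:  <input name=\"name\" value=\"%s\">\n\n", e($raw));
}
```

Encoding at output is the control that closes the hole; validation on save only narrows what can be stored and does not clean up values already in the database.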


edoc-echanneling

A simple web project made for e-channeling. This project helps clients/patients of a medical establishment, such as a clinic or a hospital, request an appointment with a doctor online. It also helps doctors manage the schedules of their appointments with their patients. The system organizes the schedule of each patient's appointment, which is submitted as a request to the doctor they have selected. The system has 3 sides: the administrator, the doctor, and the patient. The system admin populates the list of doctors with their specialties, along with the doctors' details and system credentials. Patients browse the appointment system website to find a doctor with the specialty they need. A patient can check the doctor's weekly schedule to choose a day and time that suits them for the appointment, and then submit a request for an appointment. After that, doctors can view all their appointments and the patients' appointment requests to check their availability.

1. Admin

Add doctors, edit doctors, delete doctors;

Schedule new doctor sessions, remove sessions;

View patient details;

View patient bookings;

2. Doctors

View their appointments;

View their scheduled sessions;

View details of patients;

Delete account;

Edit account settings;

3. Patients (Clients)

Make appointments online;

Create accounts themselves;

View their old bookings;

Delete account;

Edit account settings;

Whether you are an admin, doctor or patient, there is only one page to log in :)

HOW TO GET STARTED

Open your XAMPP Control Panel and start Apache and MySQL.

Extract the downloaded source code zip file.

Copy the extracted source code folder and paste it into the XAMPP’s “htdocs” directory.

Open phpMyAdmin in a browser, i.e. http://localhost/phpmyadmin

Create a new database named edoc.

Import the provided SQL file. The file is named DATABASE edoc.sql and is located in the source code root folder.

Open the Doctor’s Appointment System in a browser, i.e. http://localhost/edoc-echanneling-main/.

DATABASE NAME: ‘edoc’

BUILT-IN USER ACCOUNTS OF THIS PROJECT

ADMIN EMAIL: [email protected]

ADMIN PASSWORD: 123

DOCTOR EMAIL: [email protected]

DOCTOR PASSWORD: 123

PATIENT EMAIL: [email protected]

PATIENT PASSWORD: 123

The Project was developed using the following:

Apache Version: 2.4.39

PHP Version: 7.3.5

Server Software: Apache/2.4.39 (Win64) PHP/7.3.5

MySQL Version: 5.7.26

Also available on sourcecodester.com: https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html

Demo video: https://youtu.be/mAWHYAHmit4
