CVE-2022-36203: Doctor's Appointment System using PHP Free Source Code

Doctor’s Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. Because the injected script runs in the administrator's browser, it can steal the administrator's session cookie, which leads to a takeover of the administrator account.
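The chain described above (script injected into an admin-panel page, then cookie theft) is broken by two controls: encoding untrusted data at the point it is rendered, and marking the session cookie HttpOnly. The following is an added illustration, not code from the Doctor's Appointment System project; the record layout (`name`, `email`) and the rendering function are assumed for the example.

```php
<?php
// Added example, not project code: the two controls that break the
// XSS -> cookie theft -> admin takeover chain. The field names used
// here ($patient['name'], $patient['email']) are assumptions.
declare(strict_types=1);

// 1. Keep the admin's session cookie out of reach of script. With
//    HttpOnly set, a stored XSS payload cannot read document.cookie.
//    This limits the damage only; the script can still act as the admin
//    while the page is open, so output encoding (2.) is the real fix.
function start_hardened_session(): void
{
    session_set_cookie_params([
        'httponly' => true,     // not exposed to JavaScript
        'secure'   => true,     // sent over HTTPS only
        'samesite' => 'Strict', // not sent on cross-site requests
    ]);
    session_start();
}

// 2. Encode every untrusted value where it is written into HTML.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Vulnerable rendering: a patient-supplied name is concatenated straight
// into the admin panel's HTML, so markup in the name executes for the admin.
function render_patient_row_vulnerable(array $patient): string
{
    return '<tr><td>' . $patient['name'] . '</td><td>'
         . $patient['email'] . '</td></tr>';
}

// Hardened rendering: the same row with each field encoded.
function render_patient_row_safe(array $patient): string
{
    return '<tr><td>' . e($patient['name']) . '</td><td>'
         . e($patient['email']) . '</td></tr>';
}

// Constructed sample record standing in for a row from the patients table.
$patient = [
    'name'  => '<script>alert(1)</script>',
    'email' => 'patient@example.invalid',
];

echo render_patient_row_safe($patient), PHP_EOL;
```

The hardened output renders the tag text literally (`&lt;script&gt;...`) instead of executing it, while the vulnerable function emits it as live markup.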

Category: CVE
Tags: #sql #xss #web #apache #git #php

Submitted by hshnudr on Wednesday, June 8, 2022 - 10:13.


This project lets the clients/patients of a medical establishment, such as a clinic or a hospital, request an appointment with a doctor online. It also helps doctors manage the schedules of their appointments with their patients. The system organizes each patient's appointment, which is submitted as a request to the doctor the patient has selected. The system has three sides: the administrator, the doctor, and the patient. The administrator populates the list of doctors with their specialties, along with each doctor's details and system credentials. Patients browse the website to find a doctor with the specialty they need, check that doctor's weekly schedule to choose a day and time that suits them, and submit an appointment request. Doctors can then view all their appointments and the patients' appointment requests for their available slots.

**Admin’s Side**

  • Add doctors, edit doctors, delete doctors;
  • Schedule new doctor sessions, remove sessions;
  • View patient details;
  • View patients' bookings;

**Doctor’s Side**

  • View their appointments;
  • View their scheduled sessions;
  • View details of patients;
  • Delete account;
  • Edit account settings;

**Patient’s Side**

  • Create accounts themselves;
  • View their old bookings;
  • Delete account;
  • Edit account settings;

**HOW TO GET STARTED?**

  1. Open your XAMPP Control Panel and start **Apache** and **MySQL**.
  2. Extract the downloaded source code zip file.
  3. Copy the extracted source code folder and paste it into XAMPP’s “htdocs” directory.
  4. Open **phpMyAdmin** in a browser, i.e. **http://localhost/phpmyadmin**.
  5. Create a new database named **edoc**.
  6. Import the provided **SQL** file, **SQL_Database_edoc.sql**, located inside the source code root folder.
  7. Open the Doctor’s Appointment System in a browser, i.e. **http://localhost/edoc-echanneling-main/**.

**DEFAULT USER ACCOUNTS OF THIS PROJECT**

**Admin**

Email: [email protected]
Password: 123

**Doctor**

Email: [email protected]
Password: 123

**Patient**

Email: [email protected]
Password: 123


**The project was developed using the following:**

Apache Version: 2.4.39

PHP Version: 7.3.5

Server Software: Apache/2.4.39 (Win64) PHP/7.3.5

MySQL Version: 5.7.26

Web developer: Hashen Udara https://github.com/HashenUdara/

Repository: HashenUdara/edoc-doctor-appointment-system, "Simple web project made for e-channeling" (github.com)


Related news

Doctor's Appointment System 1.0 Cross Site Scripting

Doctor's Appointment System version 1.0 suffers from a cross site scripting vulnerability in register.php. Original discovery of cross site scripting in this version is attributed to Soham Bakore in February of 2021.
