CVE-2021-27124
18Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 5.7%
exploitation probability
5.7%top 8% of all CVEs
observed exploitation
nono source reports it
SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack.
Affected products
n/a · n/a