CVE advisoryCRITICAL
CVE-2022-36202
Doctor's Appointment System 1.0 Broken Access Control Vulnerability
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A critical broken access control vulnerability exists in the Doctor's Appointment System, allowing unauthorized users to view or modify patient data via the `settings.php` page by manipulating a URL parameter. This could lead to exposure of sensitive information.