PT-2025-47083 · Sourcecodester · Patients Waiting Area Queue Management System
Hacja · Published 2025-11-16 · Updated 2025-12-11 · CVE-2025-13248
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SourceCodester Patients Waiting Area Queue Management System version 1.0
Description
A flaw exists in SourceCodester Patients Waiting Area Queue Management System 1.0. The issue involves SQL injection stemming from manipulation of the appointmentID argument within an unknown function of the /php/api patient schedule.php file. This allows for remote exploitation and the exploit is publicly available.
Recommendations
Apply any available updates or patches for the affected system.
As a temporary workaround, restrict access to the /php/api patient schedule.php file.
Sanitize the appointmentID input to prevent SQL injection attacks.
Exploit
Fix
Special Elements Injection
SQL injection
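The recommendation to sanitize appointmentID, as an added example that is not code from the affected application or from this advisory: strict integer validation followed by a bound query parameter. It assumes PHP 8 with PDO and the pdo_sqlite extension; the function names, the appointments table, its columns and the sample rows are hypothetical and constructed for the demo.

```php
<?php
declare(strict_types=1);

// Added example. Schema and function names are hypothetical; the advisory
// does not describe the application's tables or code.

/** Accept only a positive decimal integer; everything else is rejected. */
function parseAppointmentId(mixed $raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null; // e.g. an array sent as appointmentID[]=...
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up one appointment; returns an HTTP-style status and body. */
function fetchSchedule(PDO $db, mixed $rawId): array
{
    $id = parseAppointmentId($rawId);
    if ($id === null) {
        return ['status' => 400, 'body' => ['error' => 'invalid appointmentID']];
    }
    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $db->prepare(
        'SELECT appointment_id, patient_name, slot
           FROM appointments WHERE appointment_id = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false
        ? ['status' => 404, 'body' => ['error' => 'not found']]
        : ['status' => 200, 'body' => $row];
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE appointments
           (appointment_id INTEGER PRIMARY KEY, patient_name TEXT, slot TEXT)');
$db->exec("INSERT INTO appointments VALUES (7, 'Patient A', '09:30'), (8, 'Patient B', '10:00')");

// Constructed inputs: one valid id, malformed values, an array, an unknown id.
foreach (['7', '8 OR 1=1', "7' -- ", ['7'], '999'] as $input) {
    $result = fetchSchedule($db, $input);
    printf("%-12s => %d\n", json_encode($input), $result['status']);
}
```

Validation alone is not the control here: the bound parameter is what keeps the value out of the SQL text, and the integer check gives callers a clean 400 instead of a database error.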
Affected Products
Patients Waiting Area Queue Management System