| عنوان | SourceCodester Patients Waiting Area Queue Management System 1 SQL Injection |
|---|
| الوصف | A SQL Injection vulnerability exists in the appointmentID parameter of the api_patient_checkin.php endpoint in the Patient Queue Management System (PQMS). The application fails to properly sanitize user input before incorporating it into SQL queries. An attacker can exploit this vulnerability to execute arbitrary SQL commands against a MySQL backend, potentially leading to database disclosure, modification, or complete compromise. |
|---|
| المصدر | ⚠️ https://medium.com/@rvpipalwa/sql-injection-vulnerability-in-appointment-check-in-endpoint-patient-queue-management-system-cb6d32c08382 |
|---|
| المستخدم | rvpipalwa (UID 93501) |
|---|
| ارسال | 28/02/2026 11:23 AM (2 أشهر منذ) |
|---|
| الاعتدال | 08/03/2026 06:48 PM (8 days later) |
|---|
| الحالة | مكرر |
|---|
| إدخال VulDB | 332350 [SourceCodester Patients Waiting Area Queue Management System 1.0 api_patient_checkin.php getPatientAppointment appointmentID حقن SQL] |
|---|
| النقاط | 0 |
|---|