| Titel | SourceCodester Patients Waiting Area Queue Management System 1.0 SQL Injection |
|---|
| Beschreibung | A SQL injection vulnerability has been identified both in the "pqms/php/api_patient_schedule.php" and the "pqms/php/api_patient_checkin.php" file of the "SourceCodester Patients Waiting Area Queue Management System" project. The vulnerability originates from the "appointmentID" parameter where attackers can inject malicious code that is directly incorporated into SQL queries without proper sanitization or validation. This allows threat actors to craft input values that manipulate the SQL query structure and execute unauthorized database operations.
|
|---|
| Quelle | ⚠️ https://github.com/2H-K/mycve/issues/2 |
|---|
| Benutzer | hacja (UID 92094) |
|---|
| Einreichung | 02.11.2025 15:44 (vor 6 Monaten) |
|---|
| Moderieren | 15.11.2025 15:57 (13 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 332582 [SourceCodester Patients Waiting Area Queue Management System 1.0 api_patient_schedule.php appointmentID SQL Injection] |
|---|
| Punkte | 20 |
|---|