Soumettre #766389: SourceCodester Web-based-Pharmacy-Product-Management-System 1.0 Business Logic Errorsinformation

Titre	SourceCodester Web-based-Pharmacy-Product-Management-System 1.0 Business Logic Errors
Description	The application fails to enforce proper server-side authorization checks on the patient_id parameter. An authenticated user can manipulate the patient_id value in the URL to submit queue entries on behalf of another patient. The system processes the request without validating whether the authenticated user owns or is authorized to act on the specified patient_id. This results in unauthorized action impersonation.
La source	⚠️ https://github.com/hiranerakkot/Patients-Waiting-Area-Queue-Management-System/blob/main/README.md
Utilisateur	Hiran (UID 95719)
Soumission	24/02/2026 10:15 (il y a 1 mois)
Modérer	07/03/2026 18:15 (11 days later)
Statut	Accepté
Entrée VulDB	349700 [SourceCodester Patients Waiting Area Queue Management System 1.0 /checkin.php patient_id élévation de privilèges]
Points	20

Do you want to use VulDB in your project?

Use the official API to access entries easily!