| शीर्षक | SourceCodester Patients Waiting Area Queue Management System 1 SQL Injection |
|---|
| विवरण | A blind SQL injection vulnerability has been identified in Patients Waiting Area Queue Management System.
This vulnerability resides in the Patient Check-in (Appointment) that under the back-end API /pqms/php/api_patient_schedule.php file.
Due to Appointment function not properly implement input validation, it can be exploited by sending a crafted request to the input field of parameter (AppointmentId) with malicious SQL code.
Successful exploitation, the attacker can manipulate the database to delay in 0 or 20 milli-second(s) and access the unauthorized sensitive information.
It is recommended to apply the input validation for protecting the application from this attack vector. |
|---|
| स्रोत | ⚠️ https://github.com/rayficom/Proof-of-Concept/blob/main/20260218/README.md |
|---|
| उपयोगकर्ता | waimanlo (UID 88459) |
|---|
| सबमिशन | 18/02/2026 09:19 AM (4 महीनों पहले) |
|---|
| संयम | 24/02/2026 11:01 PM (7 days later) |
|---|
| स्थिति | प्रतिलिपि |
|---|
| VulDB प्रविष्टि | 332582 [SourceCodester Patients Waiting Area Queue Management System 1.0 api_patient_schedule.php appointmentID SQL इंजेक्शन] |
|---|
| अंक | 0 |
|---|