| タイトル | SourceCodester Patients Waiting Area Queue Management System 1.0 Improper Access Controls |
|---|
| 説明 | A vulnerability has been found in SourceCodester Patients Waiting Area Queue Management System 1.0. This vulnerability affects an unknown function of the file /php/api_patient_checkin.php of the component Patient Check-In Module.
The application defines an authentication function ValidateToken() within the file at line 220 but never invokes it before processing any incoming request. This architectural flaw allows unauthenticated remote attackers to directly interact with all endpoint handlers including walk-in patient registration and queue record insertion without supplying any credentials, session token or authorization header.
The attack may be initiated remotely with no privileges required and no user interaction needed. The complexity of an attack is rather low. No technical expertise is required as the vulnerability is exploitable through the normal application user interface by any anonymous user with network access to the server. |
|---|
| ソース | ⚠️ https://gist.github.com/HxH404/0ab53ccba44456b5400a5908414f5ab1 |
|---|
| ユーザー | Abhiram T (UID 96000) |
|---|
| 送信 | 2026年03月09日 13:14 (21 日 ago) |
|---|
| モデレーション | 2026年03月23日 06:57 (14 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 352481 [SourceCodester Patients Waiting Area Queue Management System 1.0 Patient Check-In api_patient_checkin.php ValidateToken 特権昇格] |
|---|
| ポイント | 20 |
|---|