| Title | SourceCodester Patients Waiting Area Queue Management System 1.0 Improper Access Controls |
|---|
| Description | A vulnerability has been found in SourceCodester Patients Waiting Area Queue Management System 1.0. This vulnerability affects an unknown function of the file /php/api_patient_checkin.php of the component Patient Check-In Module.
The application defines an authentication function ValidateToken() within the file at line 220 but never invokes it before processing any incoming request. This architectural flaw allows unauthenticated remote attackers to directly interact with all endpoint handlers including walk-in patient registration and queue record insertion without supplying any credentials, session token or authorization header.
The attack may be initiated remotely with no privileges required and no user interaction needed. The complexity of an attack is rather low. No technical expertise is required as the vulnerability is exploitable through the normal application user interface by any anonymous user with network access to the server. |
|---|
| Source | ⚠️ https://gist.github.com/HxH404/0ab53ccba44456b5400a5908414f5ab1 |
|---|
| User | Abhiram T (UID 96000) |
|---|
| Submission | 2026. 03. 09. PM 01:14 (21 days ago) |
|---|
| Moderation | 2026. 03. 23. AM 06:57 (14 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 352481 [SourceCodester Patients Waiting Area Queue Management System 1.0 Patient Check-In api_patient_checkin.php ValidateToken privilege escalation] |
|---|
| Points | 20 |
|---|
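
The flaw in the description, an authentication function that is defined but never called, is the kind of defect a simple static check can surface during code review. The following is an added example, not code from the submission or the product: the PHP sample is constructed, `RegisterWalkIn`, `insert_queue_row` and the `ValidateToken` signature are assumptions, and the scan only looks within a single file.

```python
import re

# Comments and string literals, blanked out so that a mention is not read as a call.
NOISE = re.compile(r"""
    /\*.*?\*/ | //[^\n]* | \#[^\n]*          # PHP comments
  | '(?:\\.|[^'\\])*' | "(?:\\.|[^"\\])*"    # string literals
""", re.S | re.X)
FUNC_DEF = re.compile(r"\bfunction\s+&?\s*([A-Za-z_]\w*)\s*\(", re.I)
# Assumed heuristic: names that look like an authentication or authorization gate.
AUTH_NAME = re.compile(r"valid|auth|token|session|login|perm", re.I)

def uncalled_functions(php_source):
    """Return (name, line, auth_like) for functions defined but never called in this file."""
    # Blank noise but keep newlines so reported line numbers match the file.
    clean = NOISE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), php_source)
    findings = []
    for d in FUNC_DEF.finditer(clean):
        name = re.escape(d.group(1))
        uses = len(re.findall(r"\b%s\s*\(" % name, clean, re.I))
        defs = len(re.findall(r"\bfunction\s+&?\s*%s\s*\(" % name, clean, re.I))
        if uses == defs:  # every occurrence is a definition, none is a call
            line = clean.count("\n", 0, d.start()) + 1
            findings.append((d.group(1), line, bool(AUTH_NAME.search(d.group(1)))))
    return findings

# Constructed sample, not the product's source; RegisterWalkIn and insert_queue_row
# are hypothetical names and the ValidateToken signature is assumed.
SAMPLE = r"""<?php
// ValidateToken() must run before any handler (a comment mention, not a call)
function ValidateToken($token) {
    return hash_equals(getenv('API_TOKEN'), $token);
}
function RegisterWalkIn($data) {
    return insert_queue_row($data);
}
$action = $_POST['action'] ?? '';
if ($action === 'walkin') { echo RegisterWalkIn($_POST); }
"""

# Same file with the gate invoked before the handler dispatch.
GATE = "if (!ValidateToken($_SERVER['HTTP_AUTHORIZATION'] ?? '')) { http_response_code(401); exit; }\n"
FIXED = SAMPLE.replace("$action = ", GATE + "$action = ", 1)

if __name__ == "__main__":
    for label, src in (("original", SAMPLE), ("fixed", FIXED)):
        print(label, uncalled_functions(src))
```

A function invoked only through a string name or from another file is still reported, so treat each finding as a prompt for manual review rather than a confirmed defect.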