| Название | SourceCodester Patients Waiting Area Queue Management System 1.0 Improper Access Controls |
|---|
| Описание | A vulnerability has been found in SourceCodester Patients Waiting Area Queue Management System 1.0. This vulnerability affects an unknown function of the file /php/api_patient_checkin.php of the component Patient Check-In Module.
The application defines an authentication function ValidateToken() within the file at line 220 but never invokes it before processing any incoming request. This architectural flaw allows unauthenticated remote attackers to directly interact with all endpoint handlers including walk-in patient registration and queue record insertion without supplying any credentials, session token or authorization header.
The attack may be initiated remotely with no privileges required and no user interaction needed. The complexity of an attack is rather low. No technical expertise is required as the vulnerability is exploitable through the normal application user interface by any anonymous user with network access to the server. |
|---|
| Источник | ⚠️ https://gist.github.com/HxH404/0ab53ccba44456b5400a5908414f5ab1 |
|---|
| Пользователь | Abhiram T (UID 96000) |
|---|
| Представление | 09.03.2026 13:14 (28 дни назад) |
|---|
| Модерация | 23.03.2026 06:57 (14 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 352481 [SourceCodester Patients Waiting Area Queue Management System 1.0 Patient Check-In api_patient_checkin.php ValidateToken эскалация привилегий] |
|---|
| Баллы | 20 |
|---|