| Title | Patrick Mvuma Patients Waiting Area Queue Management System 1.0 Cross-Site Request Forgery |
|---|
| Description | PQMS-CSRF-01 (pqms/php/api_register_patient.php (create patient))
Title: Cross-Site Request Forgery in Patient Registration
What is the vulnerability?
The patient registration endpoint (pqms/php/api_register_patient.php) performs a state-changing operation without CSRF protection. No anti-CSRF token validation is enforced. |
|---|
| User | bobsux (UID 94358) |
|---|
| Submission | 01/09/2026 20:14 (5 months ago) |
|---|
| Moderation | 01/18/2026 14:50 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 341741 [SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0 cross-site request forgery] |
|---|
| Points | 16 |
|---|