| Title | SourceCodester Web-based-Pharmacy-Product-Management-System 1.0 Business Logic Errors |
|---|
| Description | The application fails to enforce proper server-side authorization checks on the patient_id parameter. An authenticated user can manipulate the patient_id value in the URL to submit queue entries on behalf of another patient. The system processes the request without validating whether the authenticated user owns or is authorized to act on the specified patient_id. This results in unauthorized action impersonation. |
|---|
| Source | ⚠️ https://github.com/hiranerakkot/Patients-Waiting-Area-Queue-Management-System/blob/main/README.md |
|---|
| User | Hiran (UID 95719) |
|---|
| Submission | 02/24/2026 10:15 (1 month ago) |
|---|
| Moderation | 03/07/2026 18:15 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 349700 [SourceCodester Patients Waiting Area Queue Management System 1.0 /checkin.php patient_id improper authorization] |
|---|
| Points | 20 |
|---|