| Title | SourceCodester Patients Waiting Area Queue Management System 1 SQL Injection |
|---|
| Description | A SQL Injection vulnerability exists in the appointmentID parameter of the api_patient_checkin.php endpoint in the Patient Queue Management System (PQMS). The application fails to properly sanitize user input before incorporating it into SQL queries. An attacker can exploit this vulnerability to execute arbitrary SQL commands against a MySQL backend, potentially leading to database disclosure, modification, or complete compromise. |
|---|
| Source | ⚠️ https://medium.com/@rvpipalwa/sql-injection-vulnerability-in-appointment-check-in-endpoint-patient-queue-management-system-cb6d32c08382 |
|---|
| User | rvpipalwa (UID 93501) |
|---|
| Submission | 02/28/2026 11:23 (1 month ago) |
|---|
| Moderation | 03/08/2026 18:48 (8 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 332350 [SourceCodester Patients Waiting Area Queue Management System 1.0 api_patient_checkin.php getPatientAppointment appointmentID sql injection] |
|---|
| Points | 0 |
|---|