| Title | SourceCodester Patients Waiting Area Queue Management System 1.0 Improper Access Controls |
|---|
| Description | A vulnerability has been found in SourceCodester Patients Waiting Area Queue Management System 1.0. This vulnerability affects an unknown function of the file /php/api_patient_checkin.php of the component Patient Check-In Module.
The application defines an authentication function ValidateToken() within the file at line 220 but never invokes it before processing any incoming request. This architectural flaw allows unauthenticated remote attackers to directly interact with all endpoint handlers including walk-in patient registration and queue record insertion without supplying any credentials, session token or authorization header.
The attack may be initiated remotely with no privileges required and no user interaction needed. The complexity of an attack is rather low. No technical expertise is required as the vulnerability is exploitable through the normal application user interface by any anonymous user with network access to the server. |
|---|
| Source | ⚠️ https://gist.github.com/HxH404/0ab53ccba44456b5400a5908414f5ab1 |
|---|
| User | Abhiram T (UID 96000) |
|---|
| Submission | 03/09/2026 13:14 (20 days ago) |
|---|
| Moderation | 03/23/2026 06:57 (14 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 352481 [SourceCodester Patients Waiting Area Queue Management System 1.0 Patient Check-In api_patient_checkin.php ValidateToken improper authorization] |
|---|
| Points | 20 |
|---|