| 标题 | SourceCodester Web-based-Pharmacy-Product-Management-System 1.0 Business Logic Errors |
|---|
| 描述 | The application fails to enforce proper server-side authorization checks on the patient_id parameter. An authenticated user can manipulate the patient_id value in the URL to submit queue entries on behalf of another patient. The system processes the request without validating whether the authenticated user owns or is authorized to act on the specified patient_id. This results in unauthorized action impersonation. |
|---|
| 来源 | ⚠️ https://github.com/hiranerakkot/Patients-Waiting-Area-Queue-Management-System/blob/main/README.md |
|---|
| 用户 | Hiran (UID 95719) |
|---|
| 提交 | 2026-02-24 10時15分 (1 月前) |
|---|
| 管理 | 2026-03-07 18時15分 (11 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 349700 [SourceCodester Patients Waiting Area Queue Management System 1.0 /checkin.php patient_id 权限提升] |
|---|
| 积分 | 20 |
|---|