CVE-2026-1148

CWE-352 — Cross-Site Request Forgery (CSRF)CWE-862 — Missing Authorization3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.0%

top 91.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Patrick Mvuma Patients Waiting Area Queue Management System Sourcecodester Patients Waiting Area Queue Management System Pamzey Patients Waiting Area Queue Management System

Timeline

PublishedJan 19

Description

A vulnerability was determined in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This vulnerability affects unknown code. Executing a manipulation can lead to cross-site request forgery. It is possible to launch the attack remotely.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

▶CVEListV5patrick_mvuma/patients_waiting_area_queue_management_system1.0

▶CVEListV5sourcecodester/patients_waiting_area_queue_management_system1.0

▶NVDpamzey/patients_waiting_area_queue_management_system1.0

🔴Vulnerability Details

CVEList

SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System cross-site request forgery↗2026-01-19

▶

GHSA

GHSA-f8qv-39xm-v99p: A vulnerability was determined in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1↗2026-01-19

▶