Sourcecodester Patients Waiting Area Queue Management System vulnerabilities

CVE-2026-4617 [MEDIUM] CWE-266 CVE-2026-4617: A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/api_patient_checkin.php of the component Patient Check-In Module. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit h

CVE-2026-3817 [MEDIUM] CWE-266 CVE-2026-3817: A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. Th A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. This issue affects some unknown processing of the file /patient-search.php. The manipulation results in improper authorization. The attack can be launched remotely. The exploit is now public and may be used.

CVE-2026-3724 [MEDIUM] CWE-266 CVE-2026-3724: A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patient_id causes improper authorization. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for

CVE-2026-3171 [MEDIUM] CWE-79 CVE-2026-3171: A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /queue.php. This manipulation of the argument firstname/lastname causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and

CVE-2026-3170 [MEDIUM] CWE-79 CVE-2026-3170: A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected is an unknown function of the file /patient-search.php. The manipulation of the argument First Name/Last Name results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used.

CVE-2026-2149 [MEDIUM] CWE-79 CVE-2026-2149: A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php. The manipulation of the argument patient_id results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and

CVE-2026-2150 [MEDIUM] CWE-79 CVE-2026-2150: A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /checkin.php. This manipulation of the argument patient_id causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used.

CVE-2026-2154 [MEDIUM] CWE-79 CVE-2026-2154: A vulnerability was identified in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Managemen A vulnerability was identified in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Impacted is an unknown function of the file /registration.php of the component Patient Registration Module. The manipulation of the argument First Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploi

CVE-2026-1146 [MEDIUM] CWE-79 CVE-2026-1146: A vulnerability has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Managemen A vulnerability has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /php/api_register_patient.php. Such manipulation of the argument firstName/lastName leads to cross site scripting. The attack may be performed from remote. The exploit has bee

CVE-2026-1147 [MEDIUM] CWE-79 CVE-2026-1147: A vulnerability was found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management Sys A vulnerability was found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This affects an unknown part of the file /php/api_patient_schedule.php. Performing a manipulation of the argument Reason results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could

CVE-2026-1148 [MEDIUM] CWE-352 CVE-2026-1148: A vulnerability was determined in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Managemen A vulnerability was determined in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This vulnerability affects unknown code. Executing a manipulation can lead to cross-site request forgery. It is possible to launch the attack remotely.

CVE-2025-13248 [MEDIUM] CWE-74 CVE-2025-13248: A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is an unknown function of the file /php/api_patient_schedule.php. This manipulation of the argument appointmentID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and coul

CVE-2025-13122 [MEDIUM] CWE-74 CVE-2025-13122: A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. Th A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. The affected element is the function getPatientAppointment of the file /php/api_patient_checkin.php. Performing manipulation of the argument appointmentID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public