SourceCodester Patients Waiting Area Queue Management System: Unauthorized Access to Patient Data
CVE-2026-4617
Summary
A security weakness in SourceCodester Patients Waiting Area Queue Management System 1.0 allows unauthorized access to patient data. A remote attacker could trigger it, potentially using publicly available exploit code. To protect patient data, update to a newer version of the system.
Original title
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/api_patient_checkin.php of th...
Original description
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/api_patient_checkin.php of the component Patient Check-In Module. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
nvd CVSS2.0: 7.5
nvd CVSS3.1: 7.3
nvd CVSS4.0: 6.9
Vulnerability type
CWE-266: Incorrect Privilege Assignment
CWE-285: Improper Authorization
Published: 24 Mar 2026 · Updated: 24 Mar 2026 · First seen: 24 Mar 2026