SQL Injection in Patient Appointment Scheduler System

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

2.7

SQL Injection in Patient Appointment Scheduler System

CVE-2026-37601

Summary

A bug in the Patient Appointment Scheduler System allows an attacker to access sensitive patient data. This means that a hacker could potentially steal or manipulate patient information. Update the system to a fixed version or apply a patch to prevent this issue.

Original title

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manage_appointment.php.

Original description

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manage_appointment.php.

Vulnerability type

CWE-89 SQL Injection

https://github.com/shininadd/cve_report/blob/main/sourcecodester/patient-appoint...

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026