Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
Patrick Mvuma Queue Management System Allows Remote Code Injection
CVE-2026-3170
Summary
A vulnerability in the Patrick Mvuma Queue Management System allows an attacker to inject malicious code into a search function, potentially allowing them to steal sensitive information or take control of the system. This can happen when a user enters a specially crafted name in the search field. Users should update the system to the latest version to mitigate this risk.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| pamzey | patients_waiting_area_queue_management_system | 1.0 | – |
Original title
A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected is an unknown function of the file /patient-search.php. The manipulation of ...
Original description
A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected is an unknown function of the file /patient-search.php. The manipulation of the argument First Name/Last Name results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used.
nvd CVSS2.0
3.3
nvd CVSS3.1
4.8
nvd CVSS4.0
4.8
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
CWE-94
Code Injection
- https://gist.github.com/archana1122m/e2953222b47c29c8c69855f5d623267d Exploit Third Party Advisory
- https://vuldb.com/?ctiid.347677 Permissions Required VDB Entry
- https://vuldb.com/?id.347677 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.759845 Third Party Advisory VDB Entry
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026