Patient Appointment Scheduler System SQL Injection vulnerability

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

2.7

Patient Appointment Scheduler System SQL Injection vulnerability

CVE-2026-37602

Summary

The Patient Appointment Scheduler System has a security weakness that allows an attacker to access sensitive information by manipulating database queries. This can lead to unauthorized access to user data, potentially compromising patient confidentiality. Users should update to the latest version of the software to fix this issue.

Original title

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/user/manage_user.php.

Original description

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/user/manage_user.php.

Vulnerability type

CWE-89 SQL Injection

https://github.com/shininadd/cve_report/blob/main/sourcecodester/patient-appoint...

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026