Patient Appointment Scheduler System v1.0 allows attackers to run malicious code

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

2.7

Patient Appointment Scheduler System v1.0 allows attackers to run malicious code

CVE-2026-37598

Summary

The Patient Appointment Scheduler System version 1.0 has a security issue that allows unauthorized access to run malicious code. This could lead to unauthorized changes to system settings or even complete system takeover. Update the system to the latest version or patch the vulnerable file to prevent this risk.

Original title

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution (RCE) via /scheduler/classes/SystemSettings.php?f=update_settings.

Original description

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution (RCE) via /scheduler/classes/SystemSettings.php?f=update_settings.

Vulnerability type

CWE-89 SQL Injection

https://github.com/shininadd/cve_report/blob/main/sourcecodester/patient-appoint...

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026