Patient Appointment Scheduler System SQL Injection Vulnerability

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

2.7

Patient Appointment Scheduler System SQL Injection Vulnerability

CVE-2026-37600

Summary

The Patient Appointment Scheduler System's 'view_details' page allows hackers to access sensitive data by manipulating the URL, potentially exposing patient information. This can happen if an attacker inputs malicious code into the search bar. To protect sensitive data, update the system to prevent SQL injection attacks.

Original title

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/view_details.php.

Original description

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/view_details.php.

Vulnerability type

CWE-89 SQL Injection

https://github.com/shininadd/cve_report/blob/main/sourcecodester/patient-appoint...

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026