Description
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patient_id causes improper authorization. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
Published: 2026-03-08
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Improper Authorization
Action: Assess Impact
AI Analysis

Impact

The vulnerability resides in the checkin.php component of SourceCodester Patients Waiting Area Queue Management System version 1.0. By modifying the patient_id argument sent to this script, an attacker can bypass the application’s authorization checks and view or edit data belonging to other patients. This improper authorization flaw, classified as CWE-266 and CWE-285, enables unauthorized access to sensitive medical information. The CVSS score of 5.3 indicates a moderate severity level.

Affected Systems

The affected product is SourceCodester’s Patients Waiting Area Queue Management System, specifically version 1.0. No other releases are reported as vulnerable, and the issue is not present in earlier or later named revisions according to the available CNA data.

Risk and Exploitability

The CVSS score of 5.3 places this flaw in the moderate risk category, while the EPSS score of less than 1% suggests a low probability of exploitation at present. Nonetheless, an exploit for the vulnerability is publicly available, and the lack of a KEV listing does not diminish the potential impact. Attackers can launch the attack remotely via HTTP requests to /checkin.php, manipulating patient_id to gain unauthorized access to patient records. Organizations using this system should assess the exposure of sensitive data and consider mitigations accordingly.

Generated by OpenCVE AI on April 16, 2026 at 04:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the SourceCodester website or official repository for an updated release that resolves the improper authorization in the checkin.php module.
  • If no patch is available, enforce access controls on the /checkin.php endpoint so that only authenticated users with appropriate roles can invoke the script.
  • Review and monitor web server logs for anomalous patient_id requests and block traffic that attempts to access patient data outside authorized bounds.
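
One way to carry out the log review in the last recommended action, as an added example that is not part of the CVE record or the vendor's code. It assumes access logs in Apache/Nginx combined format and that patient_id arrives in the query string (the record does not say how it is sent); the `max_ids` threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined log format: client, identity, user, [timestamp], "request line", status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def distinct_patient_ids(lines, path="/checkin.php", param="patient_id"):
    """Map each client address to the set of patient_id values it sent to `path`."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; ignore rather than guess
        url = urlsplit(m["target"])
        if url.path != path:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            seen[m["client"]].add(value)
    return seen

def flag_clients(lines, max_ids=3):
    """Return {client: sorted ids} for clients that touched more than max_ids records.

    max_ids is a hypothetical threshold; tune it to how many patients a single
    kiosk or staff workstation legitimately checks in during the log window.
    """
    per_client = distinct_patient_ids(lines)
    return {c: sorted(ids) for c, ids in per_client.items() if len(ids) > max_ids}

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [10/Mar/2026:09:00:01 +0000] "GET /checkin.php?patient_id=7 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Mar/2026:09:00:09 +0000] "GET /checkin.php?patient_id=7 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Mar/2026:09:01:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    'this line is not in combined format',
] + [
    f'198.51.100.7 - - [10/Mar/2026:09:02:{i:02d} +0000] '
    f'"GET /checkin.php?patient_id={i} HTTP/1.1" 200 512 "-" "curl/8.5.0"'
    for i in range(11, 16)
]

if __name__ == "__main__":
    for client, ids in flag_clients(SAMPLE).items():
        print(f"{client} requested {len(ids)} distinct patient_id values: {ids}")
```

If the application submits patient_id in a POST body, the same counting logic has to run on a source that records request bodies, since a standard access log will not contain the value.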

Advisories

No advisories yet.

History

Wed, 11 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Pamzey
Pamzey patients Waiting Area Queue Management System
CPEs cpe:2.3:a:pamzey:patients_waiting_area_queue_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products Pamzey
Pamzey patients Waiting Area Queue Management System

Mon, 09 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester patients Waiting Area Queue Management System
Vendors & Products Sourcecodester
Sourcecodester patients Waiting Area Queue Management System

Sun, 08 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patient_id causes improper authorization. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
Title SourceCodester Patients Waiting Area Queue Management System checkin.php improper authorization
Weaknesses CWE-266
CWE-285
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-11T14:44:51.246Z

Reserved: 2026-03-07T17:15:25.909Z

Link: CVE-2026-3724

Vulnrichment

Updated: 2026-03-11T14:44:43.172Z

NVD

Status: Analyzed

Published: 2026-03-08T09:16:18.163

Modified: 2026-03-09T14:29:36.120

Link: CVE-2026-3724

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T04:30:13Z

Weaknesses