Description
SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/view_details.php.
Published: 2026-04-14
Score: 2.7 Low
EPSS: n/a
KEV: No
Impact: Data Compromise via SQL Injection
Action: Patch Now
AI Analysis

Impact

The vulnerability is an unsanitized input that permits arbitrary SQL execution in the admin view of appointments. An attacker could read, modify, or delete patient records, appointment schedules, and other sensitive data. This flaw maps to improper input validation (CWE‑89) and results in confidentiality and integrity violations.

Affected Systems

The affected application is the SourceCodester Patient Appointment Scheduler System, version 1.0. The flaw resides in /scheduler/admin/appointments/view_details.php, a file used by the administrative interface typically accessed by authorized personnel.

Risk and Exploitability

The risk level is high because the injection is unrestricted; an attacker can exploit the flaw via the web interface by sending crafted parameters or form data. While no specific exploitation metrics are published, the absence of mitigation indicates a moderate to high likelihood of attack. Immediate remediation is recommended.

Generated by OpenCVE AI on April 14, 2026 at 15:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an updated version of the system where the view_details.php file has been fixed or replaced with a secure implementation
  • If an update is not possible, modify view_details.php to use parameterized queries or properly escape all database inputs
  • Restrict access to the /scheduler/admin/appointments directory to trusted administrative users or specific IP addresses
  • Verify that the vulnerability is resolved with a vulnerability scan and monitor logs for suspicious activity

Generated by OpenCVE AI on April 14, 2026 at 15:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title SQL Injection in Admin Appointment View Details of Patient Appointment Scheduler System v1.0

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester patient Appointment Scheduler System
Vendors & Products Sourcecodester
Sourcecodester patient Appointment Scheduler System

Tue, 14 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Description SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/view_details.php.
References

Subscriptions

Sourcecodester Patient Appointment Scheduler System
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T15:25:24.236Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37600

cve-icon Vulnrichment

Updated: 2026-04-14T15:24:43.817Z

cve-icon NVD

Status : Received

Published: 2026-04-14T15:16:33.863

Modified: 2026-04-14T16:16:42.400

Link: CVE-2026-37600

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:31:47Z

Weaknesses