Description
SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manage_appointment.php.
Published: 2026-04-14
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Patch
AI Analysis

Impact

The SourceCodester Patient Appointment Scheduler System version 1.0 contains an SQL injection vulnerability in the file /scheduler/admin/appointments/manage_appointment.php. Input from a crafted request can be inserted into SQL statements, allowing an attacker to read, modify or delete appointment data stored in the database. This flaw can compromise the confidentiality, integrity, and availability of patient scheduling information.

Affected Systems

The only identified product is SourceCodester Patient Appointment Scheduler System, version 1.0. No other versions or products are listed.

Risk and Exploitability

The CVSS score of 2.7 indicates low severity, and the vulnerability is not listed in the CISA KEV database. EPSS information is unavailable, so the likelihood of exploitation is unclear. Based on the description, it is inferred that the attack vector is through the web interface that submits data to manage_appointment.php, but this is not explicitly documented. The vulnerability could be exploited by an adversary who can send specially crafted input to the affected endpoint, enabling unauthorized data manipulation.

Generated by OpenCVE AI on April 14, 2026 at 18:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a vendor patch or upgrade to a fixed version of the Patient Appointment Scheduler System if one is available.
  • Implement input validation and use parameterized queries in the manage_appointment.php file to eliminate unsanitized SQL usage.
  • Restrict access to the admin area by enforcing strong authentication and limiting privileges to authorized administrators.
  • Deploy a web application firewall configured to detect and block SQL injection patterns.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
Title SQL Injection in Patient Appointment Scheduler System v1.0

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title SQL Injection in Patient Appointment Scheduler System v1.0

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester patient Appointment Scheduler System
Vendors & Products Sourcecodester
Sourcecodester patient Appointment Scheduler System

Tue, 14 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Description SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manage_appointment.php.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T15:25:09.200Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37601

Vulnrichment

Updated: 2026-04-14T15:24:38.833Z

NVD

Status: Deferred

Published: 2026-04-14T15:16:33.987

Modified: 2026-06-17T10:41:37.523

Link: CVE-2026-37601

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T15:30:06Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')