6 matches found
CVE-2026-1147 SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System api_patient_schedule.php cross site scripting
A vulnerability was found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This affects an unknown part of the file /php/apipatientschedule.php. Performing a manipulation of the argument Reason results in cross site scripting. It is possible to initiate the attac...
CVE-2025-13248 SourceCodester Patients Waiting Area Queue Management System api_patient_schedule.php sql injection
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is an unknown function of the file /php/apipatientschedule.php. This manipulation of the argument appointmentID causes sql injection. The attack can be initiated remotely. The...
CVE-2025-13248 SourceCodester Patients Waiting Area Queue Management System api_patient_schedule.php sql injection
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is an unknown function of the file /php/apipatientschedule.php. This manipulation of the argument appointmentID causes sql injection. The attack can be initiated remotely. The...
CVE-2025-13248
CVE-2025-13248 affects SourceCodester Patients Waiting Area Queue Management System 1.0. The vulnerability is a SQL injection in an unknown function of the file /php/api_patient_schedule.php caused by manipulating the argument appointmentID . This can be triggered remotely and, per sources, the e...
EUVD-2025-38258
A SQL injection vulnerability exists in the SourceCodester PQMS Patient Queue Management System 1.0 in the apipatientschedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands...
CVE-2025-63718
The CVE-2025-63718 entry describes a SQL injection in SourceCodester PQMS 1.0 at api_patient_schedule.php, where the appointmentID parameter is not properly sanitized, enabling arbitrary SQL commands. This is evidenced across multiple connected sources (e.g., Red Hat, EUVD, NVD/CVE records, CNVD,...