CVE-2026-3724

MEDIUM

Patients Waiting Area Queue 1.0 - Auth Bypass

Title source: llm

Description

A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patient_id causes improper authorization. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

References (5)

[Permissions Required, VDB Entry] https://vuldb.com/?submit.766389

[Permissions Required, VDB Entry] https://vuldb.com/?id.349700

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.349700

[Third Party Advisory] https://github.com/hiranerakkot/Patients-Waiting-Area-Queue-Management-System/blob/main/README.md

View Writeup ZIP pw:eip

[Various Sources] https://www.sourcecodester.com/

Scores

CVSS v3 6.3

EPSS 0.0004

EPSS Percentile 12.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-266 CWE-285

Status published

Products (1)

pamzey/patients_waiting_area_queue_management_system 1.0

Published Mar 08, 2026

Tracked Since Mar 08, 2026