CVE-2026-3980
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
2Description
A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patient_action.php. Such manipulation of the argument patient_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Analysis
SQL injection in the Online Doctor Appointment System 1.0 admin panel allows unauthenticated remote attackers to manipulate the patient_id parameter and execute arbitrary database queries. The vulnerability affects the /admin/patient_action.php file and enables attackers to compromise data confidentiality, integrity, and availability. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Isolate the affected system or restrict admin access to trusted networks only; notify all system administrators and audit recent access logs to /admin/patient_action.php for suspicious activity. Within 7 days: Implement Web Application Firewall rules to monitor and restrict requests to the vulnerable endpoint; conduct a security assessment of patient data for unauthorized modifications. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today