CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Description
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The affected element is the function ValidateToken in the file /php/api_patient_checkin.php, part of the Patient Check-In Module component. A manipulation can lead to improper authorization. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Analysis
SourceCodester Patients Waiting Area Queue Management System 1.0 contains an improper authorization flaw in the ValidateToken function of the Patient Check-In Module that allows unauthenticated remote attackers to bypass access controls. Public exploit code is available for this vulnerability, and no patch has been released. …
Remediation
Within 24 hours: Isolate affected systems from public internet access; enable comprehensive logging and monitoring for the /php/api_patient_checkin.php endpoint; notify stakeholders and legal/compliance teams.
Within 7 days: Implement WAF rules to block malicious requests to vulnerable endpoints; conduct forensic analysis for signs of exploitation; brief executive leadership on remediation timeline. …
EUVD-2026-14674