CVE-2025-13122 | SourceCodester Patients Waiting Area Queue Management System 1.0 api_patient_checkin.php getPatientAppointment appointmentID sql injection

Inserito da Angelo Barbosa | Nov 13, 2025 | CVE

A vulnerability has been found in SourceCodester Patients Waiting Area Queue Management System 1.0 and classified as critical. The affected element is the function getPatientAppointment of the file /php/api_patient_checkin.php. Performing manipulation of the argument appointmentID results in sql injection.

This vulnerability is cataloged as CVE-2025-13122. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2025-13122 | SourceCodester Patients Waiting Area Queue Management System 1.0 api_patient_checkin.php getPatientAppointment appointmentID sql injection

Post correlati

CVE-2025-11460 | Google Chrome up to 141.0.7390.54 Storage use after free

CVE-2024-49360 | sandboxie-plus Sandboxie up to 5.69.5 on Windows explorer.exe path traversal (GHSA-4chj-3c28-gvmp)

CVE-2024-56131 | Progress LoadMaster up to 7.2.60.1 os command injection

CVE-2024-45405 | Byron gitoxide up to 0.10.10 gix_path::env resolution of path (GHSA-m8rp-vv92-46c7)