CVE-2025-64081

SQL injection vulnerability in /php/api_patient_schedule.php in SourceCodester Patients Waiting Area Queue Management System v1 allows attackers to execute arbitrary SQL commands via the appointmentID parameter.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://packetstorm.news/files/id/211592	Exploit
https://www.sourcecodester.com/php/18348/patients-waiting-area-queue-management-system.html	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:pamzey:patients_waiting_area_queue_management_system:1.0:*:*:*:*:*:*:*

History

08 Dec 2025, 19:49

Type	Values Removed	Values Added
CPE		cpe:2.3:a:pamzey:patients_waiting_area_queue_management_system:1.0:::::::*
References	~~() https://packetstorm.news/files/id/211592 -~~	() https://packetstorm.news/files/id/211592 - Exploit
References	~~() https://www.sourcecodester.com/php/18348/patients-waiting-area-queue-management-system.html -~~	() https://www.sourcecodester.com/php/18348/patients-waiting-area-queue-management-system.html - Product
First Time		Pamzey patients Waiting Area Queue Management System Pamzey
CWE		CWE-89
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8

08 Dec 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-08 18:15

Updated : 2025-12-08 22:15

NVD link : CVE-2025-64081

Mitre link : CVE-2025-64081

CVE.ORG link : CVE-2025-64081

JSON object : View

Products Affected

pamzey

patients_waiting_area_queue_management_system

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

9.8 /10