Filtered by vendor Pamzey
Subscribe
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-13248 | 1 Pamzey | 1 Patients Waiting Area Queue Management System | 2025-12-11 | 7.5 HIGH | 7.3 HIGH |
| A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is an unknown function of the file /php/api_patient_schedule.php. This manipulation of the argument appointmentID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-64081 | 1 Pamzey | 1 Patients Waiting Area Queue Management System | 2025-12-08 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in /php/api_patient_schedule.php in SourceCodester Patients Waiting Area Queue Management System v1 allows attackers to execute arbitrary SQL commands via the appointmentID parameter. | |||||
| CVE-2025-63718 | 1 Pamzey | 1 Patients Waiting Area Queue Management System | 2025-11-17 | N/A | 6.5 MEDIUM |
| A SQL injection vulnerability exists in the SourceCodester PQMS (Patient Queue Management System) 1.0 in the api_patient_schedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands. | |||||
| CVE-2025-13122 | 1 Pamzey | 1 Patients Waiting Area Queue Management System | 2025-11-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. The affected element is the function getPatientAppointment of the file /php/api_patient_checkin.php. Performing manipulation of the argument appointmentID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. | |||||