CVE-2026-3724
Improper Authorization in SourceCodester Queue System via patient_id
Publication date: 2026-03-08
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pamzey | patients_waiting_area_queue_management_system | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3724 is an improper authorization vulnerability in the SourceCodester Patients Waiting Area Queue Management System version 1.0, specifically in the /checkin.php file. The issue arises because the system does not properly verify whether an authenticated user is authorized to act on the patient_id parameter provided in the URL.
This allows an authenticated user to manipulate the patient_id value to perform actions on behalf of other patients without permission, such as submitting queue entries for them. This is a form of Insecure Direct Object Reference (IDOR) and leads to unauthorized access and impersonation within the system.
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers or unauthorized users to manipulate patient queue entries, impersonate other patients, and disrupt clinical workflows.
- Unauthorized submission of queue entries on behalf of other patients.
- Compromise of the integrity of patient waiting room records.
- Potential operational disruption due to fake or spam check-ins.
- Abuse of business logic leading to priority manipulation or denial of service within the queue system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability poses potential compliance and privacy risks in healthcare contexts, as it allows unauthorized access and manipulation of patient-related data and operations.
Such unauthorized access and impersonation could lead to violations of regulations like GDPR and HIPAA, which require strict controls over patient data confidentiality, integrity, and access authorization.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the /checkin.php endpoint for improper authorization on the patient_id parameter. Specifically, an authenticated user can attempt to manipulate the patient_id value in the URL to see if the system allows actions on behalf of other patients without proper permission.
One detection method is to log in with valid staff credentials, register a new patient in a separate session or browser, then alter the patient_id parameter in the check-in URL to another patient's ID. If the system reflects queue entries for patients other than the authenticated user, the vulnerability is present.
Additionally, attackers or testers can use Google dorking with queries such as inurl:checkin.php to identify potentially vulnerable targets.
No specific commands are documented, but manual URL manipulation and monitoring HTTP requests to /checkin.php with altered patient_id parameters can help detect the issue. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations have been documented for this vulnerability.
It is suggested to replace the affected software with an alternative product that properly implements authorization checks.
Until a fix or patch is available, restricting access to the affected system and monitoring for suspicious activity involving the patient_id parameter may help reduce risk.
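The missing check described above, and the kind of server-side authorization that would close it, as an added example written for this page (it is not code from the affected SourceCodester product; the session model, roles and the patient ownership table are constructed assumptions):

```python
# Added example, not the affected product's code. Models a check-in handler
# that receives patient_id from the request, first with the flaw described
# for CVE-2026-3724 (patient_id trusted as-is), then with an ownership/role
# check. Users, roles and the ownership table below are constructed data.
from dataclasses import dataclass, field


@dataclass
class Session:
    user_id: int
    role: str  # constructed roles: "patient" or "staff"


@dataclass
class QueueDB:
    # constructed data: which user account owns which patient record
    patient_owner: dict = field(default_factory=lambda: {101: 1, 102: 2})
    queue: list = field(default_factory=list)  # (patient_id, acting user)


def checkin_vulnerable(session: Session, patient_id: int, db: QueueDB) -> int:
    """Behaviour the advisory describes: the handler only asks whether the
    patient exists, never whether this session may act for that patient."""
    if patient_id not in db.patient_owner:
        return 404
    db.queue.append((patient_id, session.user_id))
    return 200


def is_authorized(session: Session, patient_id: int, db: QueueDB) -> bool:
    """Server-side decision: staff may queue any existing patient; a patient
    account may only queue the record it owns. Unknown ids are refused."""
    owner = db.patient_owner.get(patient_id)
    if owner is None:
        return False
    return session.role == "staff" or owner == session.user_id


def checkin_fixed(session: Session, patient_id: int, db: QueueDB) -> int:
    """Hardened handler: authorize before touching the queue. Missing and
    forbidden ids get the same response so the endpoint does not confirm
    which patient_id values exist; refused attempts are what monitoring
    for patient_id abuse should be alerting on."""
    if not is_authorized(session, patient_id, db):
        return 403
    db.queue.append((patient_id, session.user_id))
    return 200
```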