Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive patient information to any remote attacker without requiring authentication.

The exposed data includes personally identifiable information such as patient IDs, full names, dates of birth, and phone numbers.

Such exposure poses significant privacy and security risks, including potential identity theft, privacy violations, and loss of trust.

Because the exploit is publicly available and can be triggered remotely, attackers can easily access and harvest this sensitive data.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Executive Summary

CVE-2026-3817 is an information disclosure vulnerability in SourceCodester Patients Waiting Area Queue Management System version 1.0, specifically in the file /patient-search.php.

The vulnerability occurs because the application executes an unrestricted SQL query on the patients database without any authentication or authorization checks. The entire patient dataset is embedded directly into a client-side JavaScript variable on every page load.

This means that any unauthenticated remote user can access the page and receive the full patient dataset, which includes sensitive personally identifiable information such as internal patient IDs, full names, exact dates of birth, and phone numbers.

The root cause is the insecure design of embedding the entire patient database into client-side JavaScript without any access control, leading to mass disclosure of sensitive patient information.

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking if the /patient-search.php page of the SourceCodester Patients Waiting Area Queue Management System version 1.0 is accessible without authentication and returns patient data embedded in a JavaScript variable.'}, {'type': 'paragraph', 'content': "A simple HTTP request to the vulnerable endpoint can reveal the issue. For example, using curl or wget to fetch the page and inspecting the response for the presence of a JavaScript variable named 'Patients' containing patient data."}, {'type': 'list_item', 'content': "curl -s http://<target>/pqms/patient-search.php | grep 'const Patients ='"}, {'type': 'list_item', 'content': "wget -qO- http://<target>/pqms/patient-search.php | grep 'const Patients ='"}, {'type': 'paragraph', 'content': 'Additionally, attackers may use Google dorking with the query inurl:patient-search.php to identify vulnerable targets.'}] [1, 3]

Useful 0 Not Useful 0

Mitigation Strategies

No known countermeasures or mitigations have been reported for this vulnerability.

It is suggested to replace the affected software with an alternative product that properly enforces authentication and authorization checks.

As an immediate step, restrict access to the /patient-search.php page by implementing authentication or network-level access controls to prevent unauthorized remote access.

Useful 0 Not Useful 0