CVE-2026-3817
Improper Authorization in SourceCodester Patient-Search.php Allows Remote Access
Publication date: 2026-03-09
Last updated on: 2026-03-09
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pamzey | patients_waiting_area_queue_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of sensitive patient information to any remote attacker without requiring authentication.
The exposed data includes personally identifiable information such as patient IDs, full names, dates of birth, and phone numbers.
Such exposure poses significant privacy and security risks, including potential identity theft, privacy violations, and loss of trust.
Because the exploit is publicly available and can be triggered remotely, attackers can easily access and harvest this sensitive data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
Can you explain this vulnerability to me?
CVE-2026-3817 is an information disclosure vulnerability in SourceCodester Patients Waiting Area Queue Management System version 1.0, specifically in the file /patient-search.php.
The vulnerability occurs because the application executes an unrestricted SQL query on the patients database without any authentication or authorization checks. The entire patient dataset is embedded directly into a client-side JavaScript variable on every page load.
This means that any unauthenticated remote user can access the page and receive the full patient dataset, which includes sensitive personally identifiable information such as internal patient IDs, full names, exact dates of birth, and phone numbers.
The root cause is the insecure design of embedding the entire patient database into client-side JavaScript without any access control, leading to mass disclosure of sensitive patient information.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking if the /patient-search.php page of the SourceCodester Patients Waiting Area Queue Management System version 1.0 is accessible without authentication and returns patient data embedded in a JavaScript variable.'}, {'type': 'paragraph', 'content': "A simple HTTP request to the vulnerable endpoint can reveal the issue. For example, using curl or wget to fetch the page and inspecting the response for the presence of a JavaScript variable named 'Patients' containing patient data."}, {'type': 'list_item', 'content': "curl -s http://<target>/pqms/patient-search.php | grep 'const Patients ='"}, {'type': 'list_item', 'content': "wget -qO- http://<target>/pqms/patient-search.php | grep 'const Patients ='"}, {'type': 'paragraph', 'content': 'Additionally, attackers may use Google dorking with the query inurl:patient-search.php to identify vulnerable targets.'}] [1, 3]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations have been reported for this vulnerability.
It is suggested to replace the affected software with an alternative product that properly enforces authentication and authorization checks.
As an immediate step, restrict access to the /patient-search.php page by implementing authentication or network-level access controls to prevent unauthorized remote access.