CVE-2026-9603
Authorization Bypass in eDoc Doctor Appointment System
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sourcecodester | edoc_doctor_appointment_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the SourceCodester eDoc Doctor Appointment System 1.0, specifically in the /admin/delete-session.php file. It involves manipulation of the argument ID which leads to missing authorization controls. This means an attacker can remotely exploit this flaw to perform actions without proper permission.
How can this vulnerability impact me? :
The vulnerability allows remote attackers to bypass authorization checks by manipulating the ID parameter. This can lead to unauthorized actions such as deleting sessions or other administrative functions, potentially compromising the integrity and availability of the system.