SQL Injection in SourceCodester Patients Waiting Area Queue Management System
CVE-2025-13122

6.9 MEDIUM

What is CVE-2025-13122?

A vulnerability has been identified in the Patients Waiting Area Queue Management System by SourceCodester, specifically in the getPatientAppointment function within the api_patient_checkin.php file. This vulnerability allows an attacker to conduct SQL injection attacks by manipulating the appointmentID argument. The exploit is accessible remotely, posing significant risk to data integrity and confidentiality. Users are encouraged to take immediate action to mitigate this threat.

Affected Version(s)

Patients Waiting Area Queue Management System 1.0

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

0CTL0 (VulDB User)