CVE-2026-3724 - Vulnerability Analysis
MediumCVSS: 6.3Last Updated: March 9, 2026
SourceCodester Patients Waiting Area Queue Management System - Broken Access Control
Published: March 8, 2026Updated: March 9, 2026PoC AvailableRemote Exploitable
Overview
SourceCodester Patients Waiting Area Queue Management System 1.0 contains a broken access control caused by manipulation of the "patient_id" argument in /checkin.php, letting remote attackers bypass authorization, exploit requires no special privileges.
Severity & Score
Severity: Medium
CVSS Score: 6.3
Impact
Remote attackers can bypass authorization, potentially accessing or modifying unauthorized data.
Mitigation
Update to the latest version or apply patches addressing authorization checks.
References
Related Resources
Details
- CVE ID
- CVE-2026-3724
- Severity
- Medium
- CVSS Score
- 6.3
- Type
- broken_access_control
- Status
- confirmed
CWE
- CWE-266
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L