Primary

Context

SourceCodester Patients Waiting Area Queue Management System Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in SourceCodester Patrick Mvuma Patients Waiting Area Queue Management System version 1.0. This issue arises because the patient registration endpoint lacks proper CSRF protection, allowing remote attacks that exploit this weakness.

Impact

Exploitation of this vulnerability allows for cross-site request forgery, where an attacker can trick a user into performing actions without their consent, potentially leading to unauthorized changes or data submissions.

Reproduction

To reproduce this vulnerability, send a request to the patient registration endpoint (pqms/php/api_register_patient.php) without including an anti-CSRF token. The absence of token validation will allow the request to be processed, demonstrating the CSRF vulnerability.

Added: Jan 19, 2026, 10:19 AM

Updated: Jan 19, 2026, 10:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.5

remediation

0.0

relevance

2.2

threat

1.6

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.5

remediation

0.0

relevance

2.2

threat

1.6

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SourceCodester Patients Waiting Area Queue Management System Cross-Site Request Forgery Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating