Home

Description

A SQL injection vulnerability exists in the SourceCodester PQMS (Patient Queue Management System) 1.0 in the api_patient_schedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands.

PUBLISHED Reserved 2025-10-27 | Published 2025-11-07 | Updated 2025-11-07 | Assigner mitre

References

www.sourcecodester.com/...-area-queue-management-system.html

github.com/...earch-2025/blob/main/CVE-2025-63718/README8.md

cve.org (CVE-2025-63718)

nvd.nist.gov (CVE-2025-63718)

Download JSON