Description

A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

PUBLISHED Reserved 2026-05-26 | Published 2026-05-26 | Updated 2026-05-27 | Assigner VulDB




MEDIUM: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R
MEDIUM: 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R
6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Missing Authorization

Incorrect Authorization

Product status

1.0: affected

Timeline

2026-05-26: Advisory disclosed
2026-05-26: VulDB entry created
2026-05-26: VulDB entry last update

Credits

vaibhavnarkhede (VulDB User) reporter

vaibhavnarkhede (VulDB User) analyst

References

vuldb.com/vuln/365676 (VDB-365676 | SourceCodester eDoc Doctor Appointment System delete-session.php authorization) vdb-entry technical-description

vuldb.com/vuln/365676/cti (VDB-365676 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/submit/817935 (Submit #817935 | SourceCodester eDoc Doctor Appointment System 1.0 Missing Authorization) third-party-advisory

github.com/...VE-2026-9603-Missing-Authorization/Advisory.md exploit

github.com/...ain/CVE-2026-9603-Missing-Authorization/poc.sh exploit

www.sourcecodester.com/ product

cve.org (CVE-2026-9603)

nvd.nist.gov (CVE-2026-9603)
