{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-37600", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-14T15:25:24.236Z", "dateReserved": "2026-04-06T00:00:00.000Z", "datePublished": "2026-04-14T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-14T14:14:11.228Z"}, "descriptions": [{"lang": "en", "value": "SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/view_details.php."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/shininadd/cve_report/blob/main/sourcecodester/patient-appointment-scheduler-system/SQL-1.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T15:25:17.409077Z", "id": "CVE-2026-37600", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T15:25:24.236Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-37600", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T15:25:17.409077Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T15:24:43.817Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/shininadd/cve_report/blob/main/sourcecodester/patient-appointment-scheduler-system/SQL-1.md"}], "descriptions": [{"lang": "en", "value": "SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/view_details.php."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-14T14:14:11.228Z"}}}, "cveMetadata": {"cveId": "CVE-2026-37600", "state": "PUBLISHED", "dateUpdated": "2026-04-14T15:25:24.236Z", "dateReserved": "2026-04-06T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-14T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/view_details.php."}], "id": "CVE-2026-37600", "lastModified": "2026-04-17T15:32:21.107", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-14T15:16:33.863", "references": [{"source": "cve@mitre.org", "url": "https://github.com/shininadd/cve_report/blob/main/sourcecodester/patient-appointment-scheduler-system/SQL-1.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "patient_appointment_scheduler_system", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-04-14T18:14:50.791197+00:00", "value": {"mitigation_remediation": ["Apply a vendor\u2011supplied patch when it becomes available.", "If a patch is unavailable, refactor the view_details.php code to use prepared statements or parameterized queries so that user input is properly sanitized.", "Limit access to the /scheduler/admin/appointments/view_details.php page to trusted administrators, and consider disabling or removing the endpoint if it is not required for normal operations."], "summary": {"action": "Patch Now", "impact": "SQL Injection"}, "threat_synthesis": {"affected_systems": "This flaw exists in SourceCodester Patient Appointment Scheduler System version 1.0. No other vendor or product variations are listed, and the CVE does not specify additional affected releases beyond that version.", "description_and_impact": "The Patient Appointment Scheduler System contains a SQL injection flaw in the view_details.php page, which is part of the administrative interface. The vulnerability stems from an unsanitized SQL query that directly interpolates user input into a statement. Based on the description, it is inferred that an attacker could inject arbitrary SQL that would be executed by the database when the page is requested. The potential impact\u2014such as reading, modifying, or deleting appointment data\u2014is also inferred, as the flaw allows manipulation of the SQL command.", "risk_and_exploitability": "The CVSS base score is 2.7, indicating low severity, and no EPSS score is available. The vulnerability is not included in the CISA Known Exploited Vulnerabilities catalog. Attackers would likely need to reach the authenticated administrative interface to exploit the flaw, possibly by using valid credentials or by leveraging other weaknesses to obtain access. Based on the description, the attack vector is inferred to be a crafted HTTP request to the view_details.php endpoint. The overall risk remains low, but the presence of potential data exposure warrants timely remediation."}}}}, "created": "2026-04-14T16:16:40.843753+00:00", "updated": "2026-04-15T15:45:07.511903+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$patient_appointment_scheduler_system"]}