high advisory

SQL Injection Vulnerability in SourceCodester Simple Doctors Appointment System 1.0 (CVE-2026-5179)

A SQL injection vulnerability (CVE-2026-5179) in SourceCodester Simple Doctors Appointment System 1.0 allows remote attackers to execute arbitrary SQL commands by manipulating the Username argument in the /admin/login.php file. A public exploit is available.

SourceCodester Simple Doctors Appointment System 1.0 is vulnerable to SQL injection. The vulnerability, identified as CVE-2026-5179, resides in the /admin/login.php file. An attacker can remotely exploit this vulnerability by manipulating the Username argument, injecting malicious SQL commands into the application’s database queries. The vulnerability was published on March 31, 2026, and a public exploit is available, increasing the risk of exploitation. This vulnerability could allow attackers…

Detection coverage (2)

Detect SQL Injection Attempt via Username Field

high

Detects potential SQL injection attempts by monitoring POST requests to /admin/login.php with suspicious characters in the Username field.

sigma; tactics: initial_access; techniques: T1190; sources: webserver, linux
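
The logic of this first detection, sketched in Python over constructed log lines; this is an added example, not the platform's rule or code from the advisory. It assumes a reverse-proxy or WAF audit log in JSON lines whose `src`, `method`, `path` and `form` keys are hypothetical, since standard access logs do not record POST bodies.

```python
import json
import re
from urllib.parse import unquote_plus

TARGET_PATH = "/admin/login.php"  # endpoint named in the advisory
FIELD = "username"                # the Username argument, matched case-insensitively
# Quote, comment and separator characters plus a few SQL keywords. None belong
# in a login name, but a name such as O'Brien also matches, so alerts need triage.
SUSPICIOUS = re.compile(r"""['"`;\\#]|--|/\*|\b(?:union|select|sleep|benchmark)\b""", re.I)

def normalize(value, max_rounds=3):
    """Undo nested percent-encoding so that %2527 is inspected as a quote."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect(line):
    """Return an alert dict for one log line, or None if benign or unparseable."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(event, dict) or not isinstance(event.get("form"), dict):
        return None
    path = str(event.get("path", "")).split("?", 1)[0]
    if str(event.get("method", "")).upper() != "POST" or path != TARGET_PATH:
        return None
    for key, raw in event["form"].items():
        match = SUSPICIOUS.search(normalize(str(raw)))
        if key.lower() == FIELD and match:
            return {"src": event.get("src"), "token": match.group(0), "raw": raw}
    return None

def scan(lines):
    return [alert for alert in map(inspect, lines) if alert]

# Constructed sample events using documentation IP ranges, not real traffic.
SAMPLE_LOG = """
{"src": "198.51.100.7", "method": "POST", "path": "/admin/login.php", "form": {"Username": "admin"}}
{"src": "203.0.113.9", "method": "POST", "path": "/admin/login.php", "form": {"Username": "admin' -- "}}
{"src": "203.0.113.9", "method": "POST", "path": "/admin/login.php", "form": {"username": "a%2527%2520UNION%2520SELECT"}}
{"src": "198.51.100.7", "method": "POST", "path": "/index.php", "form": {"Username": "x' --"}}
not json
""".strip().splitlines()

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The third sample line is double percent-encoded and is only caught because `normalize` decodes until the value stops changing.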

Detect SQL Error Messages in Web Responses

medium

Detects potential SQL injection vulnerabilities by monitoring server responses that contain SQL error messages.

sigma; tactics: initial_access; techniques: T1190; sources: webserver, linux

Detection queries are kept inside the platform.