CVE-2026-9603— SourceCodester eDoc Doctor Appointment System delete-session.php authorization
Affected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SourceCodester | eDoc Doctor Appointment System | 1.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-9603
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SourceCodester eDoc Doctor Appointment System delete-session.php authorization
Source: NVD (National Vulnerability Database)
Vulnerability Description
A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
SourceCodester eDoc Doctor Appointment System 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SourceCodester eDoc Doctor Appointment System是SourceCodester开源的一个edoc医生预约制度。 SourceCodester eDoc Doctor Appointment System 1.0版本存在安全漏洞,该漏洞源于/admin/delete-session.php文件中参数ID的错误操作,可能导致授权缺失。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SourceCodester | eDoc Doctor Appointment System | 1.0 | cpe:2.3:a:sourcecodester:edoc_doctor_appointment_system:*:*:*:*:*:*:*:* |
II. Public POCs for CVE-2026-9603
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-9603
请登录查看更多情报信息。
Proof of Concept for CVE-2026-9603 (2)
Other References for CVE-2026-9603 (1)
Same Patch Batch · SourceCodester · 2026-05-26 · 4 CVEs total
| CVE-2026-9583 | 4.3 MEDIUM | SourceCodester CET Automated Grading System with AI Predictive Analytics SQL index.php inf |
| CVE-2026-9582 | 4.3 MEDIUM | SourceCodester CET Automated Grading System with AI Predictive Analytics cross-site reques |
| CVE-2026-9564 | 2.4 LOW | SourceCodester/oretnom23 Hospitals Patient Records Management System view_patient cross si |
IV. Related Vulnerabilities
Same vendor: SourceCodester
- CVE-2026-9583
SourceCodester CET Automated Grading System with AI Predicti - CVE-2026-9582
SourceCodester CET Automated Grading System with AI Predicti - CVE-2026-9564
SourceCodester/oretnom23 Hospitals Patient Records Managemen - CVE-2026-9486
SourceCodester Student Grades Management System cross-site r - CVE-2026-9485
SourceCodester Student Grades Management System students.php
Same weakness: CWE-862
- CVE-2026-44848
Portainer: Missing authorization on Docker plugin endpoints - CVE-2026-44849
Portainer: Endpoint security bypass via Swarm service create - CVE-2026-44884
Portainer: Missing authorization on custom template file end - CVE-2026-42071
MantisBT: Private Bugnote Attachment Content Leak via REST A - CVE-2026-44794
Nautobot: REST API permits creation of GenericForeignKey ref
V. Comments for CVE-2026-9603
No comments yet