CVE-2026-5181

MEDIUM WAF: Medium

CVSS 6.3 Published: 2026-03-31

CWE-434

A vulnerability has been found in SourceCodester Simple Doctors Appointment System up to 1.0. This issue affects some unknown processing of the file /doctors_appointment/admin/ajax.php?action=save_category. Such manipulation of the argument img leads to unrestricted upload. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

WAF Coverage Analysis

Unrestricted File Upload Medium WAF Coverage

OWASP: A04:2021 Insecure Design

930xxx - Local File Inclusion

References

github.com
vuldb.com
vuldb.com
vuldb.com
www.sourcecodester.com

Back to CVE Database