A vulnerability was found in SourceCodester Patient Appointment Scheduler System 1.0 . It has been classified as critical . This vulnerability affects unknown code of the file /scheduler/admin/user/manage_user.php . Performing a manipulation results in sql injection. This vulnerability is reported as CVE-2026-37602 . The attack is possible to be carried out remotely. No exploit exists.