A vulnerability described as critical has been identified in itsourcecode Online Doctor Appointment System 1.0 . This issue affects some unknown processing of the file /admin/appointment_action.php . The manipulation of the argument appointment_id results in sql injection. This vulnerability is reported as CVE-2026-4473 . The attack can be launched remotely. Moreover, an exploit is present.