CVE Catalog

CVE-2026-11514

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Summary

A flaw has been found in itsourcecode Hospital Management System 1.0 that allows SQL injection through manipulation of the admissiontme argument in the /addpatient.php file. The attack can be initiated remotely.

Risk Assessment

Exploitation of this vulnerability may lead to unauthorized access to the database and exposure of sensitive patient information.

Recommendation

It is recommended to update the system to the latest version and implement input validation to prevent SQL injection.

Original NVD description (English source)

A flaw has been found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /addpatient.php. This manipulation of the argument admissiontme causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS