CVE-2026-14619
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk10th percentile — higher than 10% of all known CVEs
Summary
A SQL injection vulnerability has been found in itsourcecode Hospital Management System 1.0 in the /medicine.php file. An attacker can remotely manipulate the editid argument, leading to unauthorized database access. The exploit has been published and may be used.
Risk Assessment
The risk includes potential leakage of sensitive patient and staff data, as well as the possibility of modifying or deleting database records, which could disrupt hospital operations.
Recommendation
Immediately update the system to the latest version or apply a security patch. Until the update is deployed, temporarily disable access to /medicine.php or use a Web Application Firewall (WAF) to block SQL injection attacks.
Original NVD description (English source)
A flaw has been found in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /medicine.php. This manipulation of the argument editid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.

