CVE Catalog

CVE-2026-14619

MediumCVSS 6.3
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

A SQL injection vulnerability has been found in itsourcecode Hospital Management System 1.0 in the /medicine.php file. An attacker can remotely manipulate the editid argument, leading to unauthorized database access. The exploit has been published and may be used.

Risk Assessment

The risk includes potential leakage of sensitive patient and staff data, as well as the possibility of modifying or deleting database records, which could disrupt hospital operations.

Recommendation

Immediately update the system to the latest version or apply a security patch. Until the update is deployed, temporarily disable access to /medicine.php or use a Web Application Firewall (WAF) to block SQL injection attacks.

Original NVD description (English source)

A flaw has been found in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /medicine.php. This manipulation of the argument editid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS