CVE Catalog

CVE-2026-14638

MediumCVSS 6.3
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

A SQL injection vulnerability has been found in itsourcecode Hospital Management System 1.0 in the /patient.php file. An attacker can remotely manipulate the editid argument, leading to unauthorized database access. The exploit has been published and may be used.

Risk Assessment

The risk includes potential leakage of sensitive patient data and compromise of database integrity, which could result in serious legal and financial consequences for the organization.

Recommendation

Immediately update the system to the latest version or apply a security patch to prevent SQL injection. Additionally, implement input validation and sanitization for all user inputs.

Original NVD description (English source)

A flaw has been found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /patient.php. This manipulation of the argument editid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS