CVE-2026-14638
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk10th percentile — higher than 10% of all known CVEs
Summary
A SQL injection vulnerability has been found in itsourcecode Hospital Management System 1.0 in the /patient.php file. An attacker can remotely manipulate the editid argument, leading to unauthorized database access. The exploit has been published and may be used.
Risk Assessment
The risk includes potential leakage of sensitive patient data and compromise of database integrity, which could result in serious legal and financial consequences for the organization.
Recommendation
Immediately update the system to the latest version or apply a security patch to prevent SQL injection. Additionally, implement input validation and sanitization for all user inputs.
Original NVD description (English source)
A flaw has been found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /patient.php. This manipulation of the argument editid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.

