CVE Catalog

CVE-2026-14659

MediumCVSS 6.3
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

24th percentile — higher than 24% of all known CVEs

Summary

A SQL injection vulnerability has been found in itsourcecode Hospital Management System 1.0. The issue exists in the /patientappointment.php file, where the patiente argument is vulnerable to manipulation. The attack can be launched remotely, and the exploit has been publicly disclosed.

Risk Assessment

The risk involves the possibility of remote execution of unauthorized SQL queries, which could lead to the leakage, modification, or deletion of patient data and other sensitive medical information.

Recommendation

Immediately update the system to the latest version or apply a security patch. Additionally, implement input validation and use parameterized queries to prevent SQL injection attacks.

Original NVD description (English source)

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /patientappointment.php. Such manipulation of the argument patiente leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS