CVE-2026-14659
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk24th percentile — higher than 24% of all known CVEs
Summary
A SQL injection vulnerability has been found in itsourcecode Hospital Management System 1.0. The issue exists in the /patientappointment.php file, where the patiente argument is vulnerable to manipulation. The attack can be launched remotely, and the exploit has been publicly disclosed.
Risk Assessment
The risk involves the possibility of remote execution of unauthorized SQL queries, which could lead to the leakage, modification, or deletion of patient data and other sensitive medical information.
Recommendation
Immediately update the system to the latest version or apply a security patch. Additionally, implement input validation and use parameterized queries to prevent SQL injection attacks.
Original NVD description (English source)
A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /patientappointment.php. Such manipulation of the argument patiente leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

