CVE-2026-14703
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk10th percentile — higher than 10% of all known CVEs
Summary
A SQL Injection vulnerability has been found in itsourcecode Hospital Management System 1.0 in the file /patientorder.php. An unknown function allows manipulation of the editid argument, enabling remote SQL injection. The exploit has been publicly disclosed.
Risk Assessment
An attacker can remotely extract, modify, or delete data from the hospital's database, potentially compromising patient data confidentiality and disrupting system operations.
Recommendation
Immediately update the system to the latest version or apply a security patch. If unavailable, temporarily disable access to /patientorder.php or implement input filtering.
Original NVD description (English source)
A vulnerability has been found in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /patientorder.php. Such manipulation of the argument editid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

