CVE Catalog

CVE-2026-14703

MediumCVSS 6.3
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

A SQL Injection vulnerability has been found in itsourcecode Hospital Management System 1.0 in the file /patientorder.php. An unknown function allows manipulation of the editid argument, enabling remote SQL injection. The exploit has been publicly disclosed.

Risk Assessment

An attacker can remotely extract, modify, or delete data from the hospital's database, potentially compromising patient data confidentiality and disrupting system operations.

Recommendation

Immediately update the system to the latest version or apply a security patch. If unavailable, temporarily disable access to /patientorder.php or implement input filtering.

Original NVD description (English source)

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /patientorder.php. Such manipulation of the argument editid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS