CVE-2026-14730
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk10th percentile — higher than 10% of all known CVEs
Summary
A SQL injection vulnerability has been discovered in itsourcecode Hospital Management System 1.0 in the /patientprofile.php file. An attacker can remotely manipulate the patientname argument, leading to SQL injection. The exploit has been publicly released and may be used in attacks.
Risk Assessment
The organization is at risk of unauthorized database access, leakage of sensitive patient data, and potential system takeover.
Recommendation
Immediately update the system to the latest version or apply a security patch. Additionally, validate and sanitize all input data in the /patientprofile.php file.
Original NVD description (English source)
A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /patientprofile.php. Performing a manipulation of the argument patientname results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.

