Description
A vulnerability was detected in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminaccount.php. The manipulation of the argument Date results in sql injection. The attack can be launched remotely. The exploit is now public and may be used.
Published: 2026-06-08
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in adminaccount.php of itsourcecode Hospital Management System v1.0. An attacker can manipulate the Date argument to inject arbitrary SQL statements. This flaw enables unauthorized reading or alteration of database contents, potentially exposing sensitive patient data, but it does not grant the attacker the ability to execute arbitrary code or gain system-level privileges.

Affected Systems

The affected product is itsourcecode Hospital Management System, version 1.0. The flaw lies in the adminaccount.php script served by the web interface. Only installations running the unpatched 1.0 release are vulnerable; it is not known whether later versions are patched.

Risk and Exploitability

The CVSS score of 5.3 marks this flaw as moderate severity. EPSS information is unavailable and the flaw is not listed in CISA’s KEV catalog, suggesting no known widespread exploitation. The attack can be launched remotely via the exposed adminaccount.php URL, requiring no user interaction beyond supplying a crafted Date parameter. The published CVSS vectors list low privileges as required (PR:L, and Au:S in CVSS v2). An attacker with network access to the web server could exploit this vulnerability to read or modify data stored in the system’s database.

Generated by OpenCVE AI on June 8, 2026 at 14:36 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the official security update for itsourcecode Hospital Management System if one is available.
  • Ensure that all input parameters, such as the Date field, are properly sanitized or validated before use in SQL statements.
  • Restrict and authenticate access to adminaccount.php so that only authorized administrators can invoke it.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 13:00:00 +0000

Values Removed: none

Values Added:

  • Description: A vulnerability was detected in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminaccount.php. The manipulation of the argument Date results in sql injection. The attack can be launched remotely. The exploit is now public and may be used.
  • Title: itsourcecode Hospital Management System adminaccount.php sql injection
  • First Time appeared: Itsourcecode; Itsourcecode hospital Management System
  • Weaknesses: CWE-74, CWE-89
  • CPEs: cpe:2.3:a:itsourcecode:hospital_management_system:*:*:*:*:*:*:*:*
  • Vendors & Products: Itsourcecode; Itsourcecode hospital Management System
  • References:
  • Metrics:
      cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
      cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-08T12:15:10.233Z

Reserved: 2026-06-07T15:50:03.082Z

Link: CVE-2026-11513

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-06-08T13:16:32.367

Modified: 2026-06-08T14:57:14.757

Link: CVE-2026-11513

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-08T14:45:04Z

Weaknesses