Description
A weakness has been identified in itsourcecode Hospital Management System 1.0. It affects an unknown function of the file /doctorchangepassword.php. Manipulating the argument newpassword can lead to SQL injection. The attack can be performed remotely. The exploit has been made available to the public and could be used for attacks.
Published: 2026-06-29
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the /doctorchangepassword.php file of itsourcecode Hospital Management System 1.0. Manipulating the newpassword parameter can trigger a SQL injection, allowing an attacker to alter database queries. This flaw can lead to unauthorized access or modification of patient data, compromising confidentiality and integrity.

Affected Systems

Vendors: itsourcecode. Product: Hospital Management System. Affected version: 1.0. No further version details provided.

Risk and Exploitability

The CVSS score of 5.3 indicates medium severity, and the EPSS score is below 1% (Very Low), so the estimated likelihood of exploitation is currently low. The vulnerability is exploitable remotely via HTTP requests to doctorchangepassword.php, and a public exploit is available via GitHub. It is not listed in CISA's KEV catalog, but the public availability of the exploit warrants vigilance.

Generated by OpenCVE AI on June 29, 2026 at 08:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest version of the software if a vendor patch addressing SQL injection is available.
  • Restrict access to /doctorchangepassword.php to authenticated users with proper privileges.
  • Pass the newpassword input to the database through parameterized queries or stored procedures, instead of building the SQL statement from it directly, to prevent SQL injection.
  • Monitor web traffic for anomalous queries targeting doctorchangepassword.php and block suspicious requests.

Generated by OpenCVE AI on June 29, 2026 at 08:21 UTC.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 13:30:00 +0000

Type: Metrics
Values Removed:
Values Added: ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 29 Jun 2026 07:00:00 +0000

Values Added, by Type (Values Removed is empty for each):

Description: A weakness has been identified in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /doctorchangepassword.php. Executing a manipulation of the argument newpassword can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
Title: itsourcecode Hospital Management System doctorchangepassword.php sql injection
First Time appeared: Itsourcecode; Itsourcecode hospital Management System
Weaknesses: CWE-74; CWE-89
CPEs: cpe:2.3:a:itsourcecode:hospital_management_system:*:*:*:*:*:*:*:*
Vendors & Products: Itsourcecode; Itsourcecode hospital Management System
References:
Metrics:

cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-29T12:55:13.719Z

Reserved: 2026-06-28T10:08:57.143Z

Link: CVE-2026-13541

Vulnrichment

Updated: 2026-06-29T12:55:10.905Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-29T11:00:05Z

Weaknesses
  • CWE-74

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')