Impact
The flaw in itsourcecode Hospital Management System 1.0 lies in the patientdetail.php file: the editid parameter is used without sanitisation, opening the page to SQL injection (CWE-89). An attacker can execute arbitrary SQL statements and so read, modify, or delete patient data in the database. Because the parameter is neither validated nor passed through a prepared statement, exploitation is straightforward, threatening the confidentiality and integrity of patient records.
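The mitigation the text names, validation of editid plus a prepared statement, as an added illustration that is not code from the itsourcecode project; the table and column names (patients, id, name, dob), the $pdo connection and the SELECT itself are assumptions, since the page does not show the application's schema or query:

```php
<?php
// Added illustration, not code from itsourcecode Hospital Management System.
// Assumed: an open PDO connection in $pdo and a table `patients` whose
// integer primary key is `id`. The vulnerable pattern described above is a
// string-built query such as
//   "SELECT * FROM patients WHERE id = " . $_GET['editid']
// where the raw parameter becomes part of the SQL text.

/**
 * Validate the editid request parameter before it reaches the database.
 * Returns the integer id, or null when the value is missing or is not a
 * positive integer, so quotes, comments and keywords are rejected up front.
 */
function parse_edit_id(?string $raw): ?int
{
    if ($raw === null) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/**
 * Fetch one patient row by id with a prepared statement. The bound value is
 * sent to the server as data, never spliced into the SQL string, so even an
 * unexpected value cannot change the shape of the query.
 */
function fetch_patient(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, name, dob FROM patients WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Request handling for the detail page (assumed entry point patientdetail.php).
$id = parse_edit_id($_GET['editid'] ?? null);
if ($id === null) {
    http_response_code(400);
    exit('Invalid patient id');
}
$patient = fetch_patient($pdo, $id);
if ($patient === null) {
    http_response_code(404);
    exit('Patient not found');
}
```

With MySQL, setting `PDO::ATTR_EMULATE_PREPARES` to false on the connection makes the driver use true server-side prepared statements rather than client-side escaping.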
Affected Systems
itsourcecode Hospital Management System, version 1.0, which is the only currently identified affected release. The vulnerability is tied to the patientdetail.php page of that system.
Risk and Exploitability
The CVSS base score of 5.3 indicates medium severity. No EPSS score is available, so the current likelihood of exploitation cannot be quantified precisely, but the publicly released exploit raises concern. The vulnerability is not listed in CISA's KEV catalog. The attack vector is remote, requiring only a request to the vulnerable endpoint, so exposing the system to the internet without additional controls increases the risk.
OpenCVE Enrichment