Impact
A flaw in the /medicine.php file of itsourcecode Hospital Management System allows manipulation of the editid argument to perform SQL injection. The vulnerability can be exploited remotely, enabling an attacker to execute arbitrary SQL commands against the database. This could lead to unauthorized data disclosure, modification, or deletion, and potentially allow further post‑exploitation actions such as privilege escalation.
Affected Systems
Itsourcecode Hospital Management System version 1.0 is affected. The vulnerability resides in the medicine.php functionality exposed through the web interface.
Risk and Exploitability
The CVSS score of 5.3 indicates moderate severity. No EPSS data is available, so the current exploitation probability is unknown, and the vulnerability is not listed in the CISA KEV catalog. Nevertheless, a published exploit demonstrates that remote attackers can leverage this flaw, making patching or mitigation a priority.
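One way to check web server logs for attempts against this parameter, as an added example that is not part of the advisory or the project's code: it flags requests to medicine.php whose editid value is not a plain integer. That editid normally carries a numeric record id, the combined access-log format, and the function name are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2025:10:00:01 +0000] "GET /medicine.php?editid=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.44 - - [01/Jan/2025:10:00:07 +0000] "GET /medicine.php?editid=12%27 HTTP/1.1" 200 9034 "-" "curl/8.0"
203.0.113.10 - - [01/Jan/2025:10:00:09 +0000] "GET /patient.php?editid=3 HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
203.0.113.44 - - [01/Jan/2025:10:00:12 +0000] "GET /hms/medicine.php?editid=5%2B1&x=1 HTTP/1.1" 500 310 "-" "curl/8.0"
198.51.100.7 - - [01/Jan/2025:10:00:15 +0000] "POST /medicine.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# client IP, timestamp, method, request target and status of one log line
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumption: a legitimate editid is a short decimal record id.
NUMERIC_ID = re.compile(r"\A[0-9]{1,10}\Z")


def suspicious_editid_requests(log_text):
    """Return one finding per medicine.php request with a non-numeric editid."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/medicine.php"):
            continue  # other pages are out of scope for this check
        # parse_qs percent-decodes values; blank values are kept so "editid=" is inspected too
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("editid", []):
            if not NUMERIC_ID.match(value):
                findings.append({
                    "ip": m["ip"],
                    "time": m["ts"],
                    "status": int(m["status"]),
                    "editid": value,
                })
    return findings


if __name__ == "__main__":
    for finding in suspicious_editid_requests(SAMPLE_LOG):
        print(finding)
```

Only values carried in the URL are visible this way; an editid sent in a POST body does not appear in a standard access log.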