Impact
A flaw within the Hospital Management System's /patient.php file allows an attacker to manipulate the editid parameter and inject arbitrary SQL commands. This can result in reading, modifying, or deleting sensitive patient records, exposing personally identifiable information and potentially compromising the confidentiality and integrity of the entire health database.
Affected Systems
The vulnerability exists in itsourcecode Hospital Management System version 1.0, specifically within the patient.php component. No other product or version details are listed.
Risk and Exploitability
The CVSS score of 5.3 indicates moderate severity. EPSS data is not available, so the exploitation probability is unknown. The vulnerability is not listed in CISA's KEV catalog, but the description notes that the exploit has been published and can be used remotely.
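Because the exploit is public and remotely usable, reviewing web server logs for abnormal editid values is a practical first check. The following is an added example, not code from the advisory or from the Hospital Management System project; it assumes editid is a numeric record ID sent in the query string and that the server writes Apache/Nginx combined-format access logs (the /hms/ path prefix and all log lines are constructed).

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_editid(line):
    """Return the decoded editid value if the line is a /patient.php request
    whose editid is not a plain decimal integer, otherwise None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    if not target.path.lower().endswith("/patient.php"):
        return None
    # parse_qs percent-decodes values; keep_blank_values so "editid=" is seen.
    values = parse_qs(target.query, keep_blank_values=True).get("editid", [])
    for value in values:  # check every copy in case the parameter is repeated
        # Assumption: a legitimate editid is a short decimal record ID.
        if not re.fullmatch(r"[0-9]{1,10}", value):
            return value
    return None

def scan(lines):
    """Yield (line_number, offending_value) for each flagged log line."""
    for number, line in enumerate(lines, start=1):
        value = suspicious_editid(line)
        if value is not None:
            yield number, value

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /hms/patient.php?editid=17 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /hms/patient.php?editid=17%27 HTTP/1.1" 200 312',
    '203.0.113.9 - - [01/Jan/2025:10:00:09 +0000] "GET /hms/patient.php?editid=17%20abc HTTP/1.1" 200 901',
    '203.0.113.5 - - [01/Jan/2025:10:00:12 +0000] "GET /hms/doctor.php?editid=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric editid {value!r}")
```

Query-string logging does not capture POST bodies, so a clean result here does not rule out requests that carried editid in the body.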