Impact
vulnerability was detected in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file patientlogin.php. Manipulating the loginid argument results in SQL injection, and remote exploitation is possible. Based on the description, it is inferred that an attacker could read, modify, or delete patient records or otherwise compromise patient data. This could affect confidentiality, integrity, and availability of sensitive medical information.
Affected Systems
The flaw affects the itsourcecode Hospital Management System released as version 1.0. No other versions were enumerated in the advisory.
Risk and Exploitability
The CVSS score of 5.3 indicates a medium severity EPSS score of < 1% suggests a very low probability of exploitation, yet the vulnerability is publicly known and no record exists in the CISA KEV catalog. Attackers can target the system remotely through web traffic, and if the database credentials have elevated privileges, the impact can grow to full data compromise.
OpenCVE Enrichment