Description
A vulnerability was found in code-projects Online Hospital Management System 1.0. The impacted element is an unknown function of the component Registration Handler. The manipulation of the argument Username results in improper authorization. The attack can be executed remotely. The exploit has been made public and could be used.
Published: 2026-05-02
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in the registration handler of code-projects Online Hospital Management System 1.0 allows an attacker to manipulate the Username argument and bypass normal authorization checks. By crafting a registration request with a malicious username, an unauthenticated user can create or modify accounts without proper privilege verification, potentially gaining access to protected patient data. This flaw is categorized as improper authorization (CWE‑266) and improper input validation (CWE‑285).

Affected Systems

The affected product is code-projects Online Hospital Management System, version 1.0. The fault resides in the registration handler component and affects an unknown function that processes user registrations.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while no EPSS score is available, suggesting limited current exploitation data. It is inferred from the description that the attack can be performed remotely via the registration endpoint; the public availability of an exploit and the impact on confidential patient data give this vulnerability a moderate risk posture. Although it is not listed in the CISA KEV catalog, the existence of a publicly available exploit warrants timely remediation.

Generated by OpenCVE AI on May 2, 2026 at 15:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patched release of Online Hospital Management System from the vendor or repository that corrects the registration handler authorization logic.
  • If an update cannot be applied immediately, enforce stricter validation on the Username field allowing only alphanumeric characters and defined length limits, and reject any username that already exists or violates the naming policy to prevent unauthorized account injection.
  • Add server‑side access control checks ensuring that only unauthenticated users or those with explicit account‑creation privileges can invoke the registration endpoint, rejecting any requests that attempt to set or modify a username without proper authorization.

Generated by OpenCVE AI on May 2, 2026 at 15:51 UTC.

Advisories

No advisories yet.

History

Sat, 02 May 2026 14:00:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was found in code-projects Online Hospital Management System 1.0. The impacted element is an unknown function of the component Registration Handler. The manipulation of the argument Username results in improper authorization. The attack can be executed remotely. The exploit has been made public and could be used.
Title | | code-projects Online Hospital Management System Registration improper authorization
Weaknesses | | CWE-266, CWE-285
References | |
Metrics | | cvssV2_0: {'score': 5.5, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 5.4, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-02T13:30:12.229Z

Reserved: 2026-05-01T14:31:17.712Z

Link: CVE-2026-7631

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-02T14:16:18.337

Modified: 2026-05-02T14:16:18.337

Link: CVE-2026-7631

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T16:00:06Z