Description
A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. Manipulation of the argument delid causes SQL injection. The attack can be carried out remotely. The exploit has been publicly disclosed and may be used.
Published: 2026-05-02
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An SQL injection flaw exists in code-projects Online Hospital Management System 1.0, specifically within an unknown function of the /viewappointment.php file. The flaw is triggered by manipulating the delid argument, allowing arbitrary SQL code to be executed against the underlying database. This weakness aligns with CWE-74 and CWE-89, and its exploitation could lead to data disclosure or modification across the application.

Affected Systems

The vulnerable component is the Online Hospital Management System distributed by code‑projects, version 1.0. The issue resides in the viewappointment.php page and affects any system using that exact release without a patch.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate risk. The attack can be carried out remotely, and the exploit has been publicly disclosed. Although no EPSS score is reported and it is not listed in the CISA KEV catalog, the ability to inject SQL from external requests poses a significant threat to the confidentiality and integrity of patient data.

Generated by OpenCVE AI on May 2, 2026 at 15:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the application to a patched version once available
  • Refactor the delid handling to use prepared statements or parameterized queries
  • Grant the application’s database user only the minimum privileges required for its operations

Advisories

No advisories yet.

History

Mon, 04 May 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Code-projects
Code-projects online Hospital Management System
Vendors & Products Code-projects
Code-projects online Hospital Management System

Mon, 04 May 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 02 May 2026 20:15:00 +0000

Type Values Removed Values Added
References

Sat, 02 May 2026 14:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
Title code-projects Online Hospital Management System viewappointment.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-04T13:46:09.187Z

Reserved: 2026-05-01T14:32:18.510Z

Link: CVE-2026-7632

Vulnrichment

Updated: 2026-05-04T13:46:03.368Z

NVD

Status: Deferred

Published: 2026-05-02T14:16:18.510

Modified: 2026-05-05T19:15:06.200

Link: CVE-2026-7632

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T19:44:23Z
