Description
A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. Manipulation of the argument delid causes SQL injection. The attack can be carried out remotely. The exploit has been publicly disclosed and may be used.
Published: 2026-05-02
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An SQL injection flaw exists in code-projects Online Hospital Management System 1.0, specifically within an unknown function of the /viewappointment.php file. The flaw is triggered by manipulating the delid argument, allowing arbitrary SQL code to be executed against the underlying database. This weakness aligns with CWE-74 and CWE-89, and its exploitation could lead to data disclosure or modification across the application.

Affected Systems

The vulnerable component is the Online Hospital Management System distributed by code-projects, version 1.0. The issue resides in the viewappointment.php page and affects any system using that exact release without a patch.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate risk. The attack can be carried out remotely, and the exploit has been publicly disclosed. Although no EPSS score is reported and the CVE is not listed in the CISA KEV catalog, the ability to inject SQL from external requests poses a significant threat to the confidentiality and integrity of patient data.

Generated by OpenCVE AI on May 2, 2026 at 15:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Update the application to a patched version once available
  • Refactor the delid handling to use prepared statements or parameterized queries
  • Grant the application’s database user only the minimum privileges required for its operations

Advisories

No advisories yet.

History

Sat, 02 May 2026 14:00:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
Title | | code-projects Online Hospital Management System viewappointment.php sql injection
Weaknesses | | CWE-74, CWE-89
References | |
Metrics | | cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-02T13:45:11.144Z

Reserved: 2026-05-01T14:32:18.510Z

Link: CVE-2026-7632

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-02T14:16:18.510

Modified: 2026-05-02T14:16:18.510

Link: CVE-2026-7632

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T15:30:45Z
