Description
A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/view_history.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
Published: 2026-05-23
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is an SQL injection vulnerability located in the /admin/patients/view_history.php file. A malicious user can manipulate the ID argument to inject arbitrary SQL commands, potentially allowing read, modify, or delete operations against the underlying database. This introduces a confidentiality and integrity risk for patient records and may also enable denial of service if the database is overloaded by crafted queries.

Affected Systems

SourceCodester Hospitals Patient Records Management System, version 1.0. The vulnerability affects the admin interface of this system.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. EPSS is not available, and the vulnerability is not listed in CISA KEV. The attack can be launched remotely through the web interface, and the exploit has already been released publicly, increasing the likelihood of exploitation in environments where no mitigation is in place.

Generated by OpenCVE AI on May 23, 2026 at 23:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor patch as soon as it becomes available.
  • Sanitize all user input on the ID parameter and use parameterized queries or stored procedures to prevent injection.
  • Enforce the principle of least privilege on the database account used by the application.

Generated by OpenCVE AI on May 23, 2026 at 23:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 23 May 2026 22:30:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/view_history.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
Title SourceCodester Hospitals Patient Records Management System view_history.php sql injection
First Time appeared Sourcecodester
Sourcecodester hospitals Patient Records Management System
Weaknesses CWE-74
CWE-89
CPEs cpe:2.3:a:sourcecodester:hospitals_patient_records_management_system:*:*:*:*:*:*:*:*
Vendors & Products Sourcecodester
Sourcecodester hospitals Patient Records Management System
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Sourcecodester Hospitals Patient Records Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-23T22:15:10.341Z

Reserved: 2026-05-23T06:32:28.937Z

Link: CVE-2026-9342

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-24T01:30:31Z

Weaknesses