CVE-2026-11501
HighCVSS 7.3Summary
A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. The issue affects some unknown processing of the file /classes/Master.php?f=save_patient, leading to SQL injection vulnerabilities.
Risk Assessment
An attacker can remotely exploit this vulnerability, posing a serious threat to the integrity of the data within the system. The publicly available exploit increases the risk of attacks.
Recommendation
It is recommended to immediately update the system to the latest version to mitigate this vulnerability. Additionally, monitoring the system for unauthorized access attempts is advised.
Original NVD description (English source)
A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=save_patient. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

