CVE Catalog

CVE-2026-11501

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Summary

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. The issue affects some unknown processing of the file /classes/Master.php?f=save_patient, leading to SQL injection vulnerabilities.

Risk Assessment

An attacker can remotely exploit this vulnerability, posing a serious threat to the integrity of the data within the system. The publicly available exploit increases the risk of attacks.

Recommendation

It is recommended to immediately update the system to the latest version to mitigate this vulnerability. Additionally, monitoring the system for unauthorized access attempts is advised.

Original NVD description (English source)

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=save_patient. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS