CVE-2026-14717
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk10th percentile — higher than 10% of all known CVEs
Summary
A SQL injection vulnerability was found in itsourcecode Hospital Management System 1.0 in the /patientlogin.php file. An attacker can remotely manipulate the loginid argument, leading to unauthorized database access. The exploit is publicly available.
Risk Assessment
The risk involves potential remote compromise of the hospital's database, which could lead to leakage of sensitive patient data, privacy breaches, and system disruption.
Recommendation
Immediately update the system to the latest version or apply a patch to prevent SQL injection. In the meantime, restrict access to /patientlogin.php and implement input validation.
Original NVD description (English source)
A vulnerability was detected in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /patientlogin.php. Performing a manipulation of the argument loginid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

