CVE Catalog

CVE-2026-9355

High
Published: Translated: NVD NIST

Summary

A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0 that allows SQL injection through manipulation of the ID argument in the file /classes/Master.php?f=save_patient_history.

Risk Assessment

An attacker can remotely exploit this vulnerability, posing a serious threat to the integrity of patient data and the security of the system.

Recommendation

It is recommended to update the system to the latest version and implement input data filtering to prevent SQL injection attacks.

Original NVD description (English source)

A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=save_patient_history. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS