CVE-2026-9355
HighSummary
A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0 that allows SQL injection through manipulation of the ID argument in the file /classes/Master.php?f=save_patient_history.
Risk Assessment
An attacker can remotely exploit this vulnerability, posing a serious threat to the integrity of patient data and the security of the system.
Recommendation
It is recommended to update the system to the latest version and implement input data filtering to prevent SQL injection attacks.
Original NVD description (English source)
A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=save_patient_history. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.

