CVE-2026-9356
HighSummary
A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0, allowing SQL injection through manipulation of the ID argument in the /admin/patients/manage_history.php file. The attack can be performed remotely.
Risk Assessment
Exploitation of this vulnerability may lead to unauthorized access to the database, posing a serious threat to patient data security.
Recommendation
It is recommended to immediately update the system to the latest version and implement appropriate measures to protect against SQL injection attacks.
Original NVD description (English source)
A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/manage_history.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

