CVE-2026-9356

HIGH NVD

CVSS Score 7.3

Severity HIGH

Published May 24, 2026

Vendor unknown

Description

A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/manage_history.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

References

https://github.com/yan-124/yan/issues/1
https://vuldb.com/submit/813022
https://vuldb.com/vuln/365319
https://vuldb.com/vuln/365319/cti
https://www.sourcecodester.com/