CVE-2026-2057

Name of the Vulnerable Software and Affected Versions SourceCodester Medical Center Portal Management System version 1.0

Description A flaw exists in SourceCodester Medical Center Portal Management System 1.0 that allows for SQL injection. The issue is located in an unknown function within the /login.php file. Manipulating the User argument can trigger the injection. The attack can be carried out remotely, and details about the exploit are publicly available.

Recommendations Apply a fix to the vulnerable function in the /login.php file to prevent SQL injection attacks. Sanitize the User input to eliminate potentially malicious code. Restrict access to the /login.php file to authorized personnel only. As a temporary workaround, consider disabling the affected function until a patch is available.