Sourcecodester · Hospital'S Patient Records Management System · CVE-2026-9342
**Name of the Vulnerable Software and Affected Versions**
SourceCodester Hospitals Patient Records Management System version 1.0
**Description**
A security flaw allows for remote SQL injection, which is a technique where malicious SQL statements are inserted into entry fields for execution. The issue exists in the '/admin/patients/view history.php' endpoint through the manipulation of the `ID` argument.
**Recommendations**
As a temporary workaround, restrict access to the '/admin/patients/view history.php' file to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.