PT-2026-55764 · Itsourcecode · Hospital Management System

Crap Diem

·

Published

2026-07-05

·

Updated

2026-07-05

·

CVE-2026-14703

CVSS v2.0

6.5

Medium

VectorAV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0
Description A remote SQL injection exists in the /patientorder.php endpoint. The issue occurs when the editid variable is manipulated, allowing an attacker to execute arbitrary SQL commands on the database.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. Avoid using the editid parameter in the /patientorder.php endpoint until the issue is resolved.

Exploit

SQL injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-14703

Affected Products

Hospital Management System