CVE-2026-2059

Name of the Vulnerable Software and Affected Versions SourceCodester Medical Center Portal Management System version 1.0

Description A flaw exists in SourceCodester Medical Center Portal Management System 1.0 that allows for SQL injection. The issue is located in the /emp edit1.php file, specifically through manipulation of the ID parameter within an unknown function. This allows for remote exploitation, and details of the exploit are publicly available.

Recommendations Apply a fix to the vulnerable function in the /emp edit1.php file to prevent SQL injection attacks. Sanitize the ID parameter before using it in database queries. As a temporary workaround, restrict access to the /emp edit1.php file.