Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Patient Record Management System 1.0: Compromised Patient Data
CVE-2026-2706
Summary
A security issue in Patient Record Management System 1.0 allows hackers to access sensitive patient information by manipulating the 'comp_id' field. This could result in unauthorized access to patient records. Update to the latest version of the software to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| code-projects | patient_record_management_system | 1.0 | – |
Original title
A flaw has been found in code-projects Patient Record Management System 1.0. This affects an unknown function of the file /fecalysis_not.php. This manipulation of the argument comp_id causes sql in...
Original description
A flaw has been found in code-projects Patient Record Management System 1.0. This affects an unknown function of the file /fecalysis_not.php. This manipulation of the argument comp_id causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used.
nvd CVSS2.0
6.5
nvd CVSS3.1
7.5
nvd CVSS4.0
5.3
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
- https://code-projects.org/ Product
- https://github.com/1768161086/sql_cve Exploit Third Party Advisory
- https://vuldb.com/?ctiid.346652 Permissions Required VDB Entry
- https://vuldb.com/?id.346652 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.754407 Third Party Advisory VDB Entry
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026