Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.5
CVE-2026-10185: SourceCodester Hospitals Patient Records Management System SQL Injection Risk
CVE-2026-10185
Summary
An unknown function in the SourceCodester Hospitals Patient Records Management System may allow unauthorized access to sensitive data. This could happen if an attacker manipulates the ID of a user, potentially leading to stolen or altered patient information. To protect your data, update to the latest version of the system or consider using a different system.
Original title
A weakness has been identified in SourceCodester Hospitals Patient Records Management System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save. This manipulation of the arg...
Original description
A weakness has been identified in SourceCodester Hospitals Patient Records Management System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
nvd CVSS2.0
7.5
nvd CVSS3.1
7.3
nvd CVSS4.0
5.5
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 31 May 2026 · Updated: 31 May 2026 · First seen: 31 May 2026