SQL Injection Vulnerability in itsourcecode Hospital Management System
CVE-2026-14717
Key Information:
- Vendor
Itsourcecode
- Vendor
- CVE Published:
- 5 July 2026
Badges
What is CVE-2026-14717?
The itsourcecode Hospital Management System 1.0 contains a SQL injection vulnerability in the /patientlogin.php file, specifically within an unknown function. By manipulating the 'loginid' argument, an attacker may exploit this flaw remotely to execute arbitrary SQL queries against the database. This vulnerability poses significant risks, as it can lead to unauthorized access to sensitive information. The exploit method has been made publicly available, increasing the urgency for users to address this issue.
Affected Version(s)
Hospital Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
