SQL Injection Vulnerability in itsourcecode Hospital Management System
CVE-2026-16009
Key Information:
- Vendor
Itsourcecode
- Vendor
- CVE Published:
- 17 July 2026
Badges
What is CVE-2026-16009?
A SQL injection vulnerability has been identified in the itsourcecode Hospital Management System version 1.0. The issue arises from an undisclosed function within the file /prescriptionorderdetail.php, where improper handling of the 'delid' argument creates an opportunity for attackers to execute arbitrary SQL queries. This vulnerability can be exploited remotely, compromising the integrity of the database and exposing sensitive information. With the exploit details available, it is crucial for users to take immediate action to secure their systems against potential remote attacks.
Affected Version(s)
Hospital Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
