Is there a public PoC exploit available for CVE-2026-5960?

Yes, a public proof-of-concept exploit is available for CVE-2026-5960. Prioritise patching immediately. EPSS: 0.0%.

Patient Record Management System CVE-2026-5960

Q: What is the CVSS score of CVE-2026-5960?

CVE-2026-5960 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-20930 LOW

Information Exposure (CWE-200)

2026-04-09 VulDB

GHSA-48cj-9hxc-pmg3

Information Disclosure Patient Record Management System

2.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

2.1 LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

PoC Detected

Apr 09, 2026 - 16:16 vuln.today

Public exploit code

EUVD ID Assigned

Apr 09, 2026 - 15:30 euvd

EUVD-2026-20930

Analysis Generated

Apr 09, 2026 - 15:30 vuln.today

CVE Published

Apr 09, 2026 - 15:15 nvd

LOW 2.1

DescriptionCVE.org

A weakness has been identified in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /db/hcpms.sql of the component SQL Database Backup File Handler. Executing a manipulation can lead to information disclosure. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

AnalysisAI

Information disclosure in code-projects Patient Record Management System 1.0 allows unauthenticated remote attackers to access sensitive patient data via manipulation of the SQL database backup file (/db/hcpms.sql), with publicly available exploit code and user interaction required. The vulnerability affects the SQL Database Backup File Handler component and has moderate CVSS impact (4.3) but is elevated by public exploit availability and the sensitivity of healthcare data exposure.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	While the CVSS score of 4.3 is moderate, multiple factors indicate elevated real-world risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker discovers the Patient Record Management System is deployed via directory enumeration or search engine indexing and locates the accessible /db/hcpms.sql backup file at a predictable path. The attacker downloads the unencrypted SQL file, which contains patient names, medical histories, diagnoses, and potentially credentials or payment information. …
Remediation	Immediate action: Verify that /db/hcpms.sql and other database backup files are not accessible through web-facing directories (remove from web root or restrict with .htaccess/.web.config deny rules). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-5960 vulnerability details – vuln.today

Back