Skip to main content

Online Hospital Management System CVE-2026-7631

| EUVDEUVD-2026-26793 LOW
Improper Authorization (CWE-285)
2026-05-02 VulDB
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Analysis Generated
May 02, 2026 - 14:30 vuln.today
Severity Changed
May 02, 2026 - 14:22 NVD
MEDIUM LOW
CVSS changed
May 02, 2026 - 14:22 NVD
5.4 (MEDIUM) 2.1 (LOW)
PoC Detected
May 02, 2026 - 14:16 vuln.today
Public exploit code
EUVD ID Assigned
May 02, 2026 - 14:00 euvd
EUVD-2026-26793
Analysis Generated
May 02, 2026 - 14:00 vuln.today
CVE Published
May 02, 2026 - 13:30 nvd
LOW 2.1

DescriptionCVE.org

A vulnerability was found in code-projects Online Hospital Management System 1.0. The impacted element is an unknown function of the component Registration Handler. The manipulation of the argument Username results in improper authorization. The attack can be executed remotely. The exploit has been made public and could be used.

AnalysisAI

Improper authorization in code-projects Online Hospital Management System 1.0 allows authenticated remote attackers to manipulate the Username parameter in the Registration Handler, bypassing access controls and modifying user authorization. The vulnerability requires valid authentication credentials but results in integrity impact to user accounts. Publicly available exploit code exists for this vulnerability.

Technical ContextAI

The vulnerability resides in the Registration Handler component of a web-based hospital management application. CWE-285 (Improper Authorization) indicates the root cause is a failure to enforce proper access controls when processing user input, specifically the Username parameter. The attack vector is network-accessible (AV:N), suggesting the vulnerable endpoint is exposed over HTTP(S). The integrity impact (VI:L) suggests attackers can modify user data or account properties, while the availability impact (VA:L) indicates potential service degradation. The vulnerability affects the application across all versions in the 1.0 branch based on the CPE specification.

RemediationAI

No vendor-released patch identified at time of analysis. Code-projects should issue an urgent security update addressing the Registration Handler component to enforce proper authorization checks on the Username parameter. Until patching is available, implement network-level controls to restrict access to the Registration Handler endpoint to trusted administrator networks only, and enforce strong authentication policies to ensure compromised credentials are rapidly detected. Additionally, implement input validation and whitelist controls on the Username parameter to reject unauthorized modification attempts, though this should not be relied upon as a sole mitigation. Monitor access logs for suspicious registration activity and consider temporarily disabling user self-registration functionality if the vulnerable feature is not business-critical. Organizations should contact code-projects directly via https://code-projects.org/ to request security updates and detailed fix guidance.

CVE-2023-37069 CRITICAL POC
9.8 Aug 10

Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attac

CVE-2023-4185 CRITICAL POC
9.8 Aug 06

A vulnerability was found in SourceCodester Online Hospital Management System 1.0. Rated critical severity (CVSS 9.8), t

CVE-2025-5604 HIGH POC
7.3 Jun 04

Critical SQL injection vulnerability in Campcodes Hospital Management System version 1.0, specifically in the /user-logi

CVE-2025-5603 HIGH POC
7.3 Jun 04

Critical SQL injection vulnerability in Campcodes Hospital Management System version 1.0, affecting the /registration.ph

CVE-2025-5602 HIGH POC
7.3 Jun 04

Critical SQL injection vulnerability in Campcodes Hospital Management System version 1.0 affecting the /admin/registrati

CVE-2024-5362 MEDIUM POC
6.9 May 26

A vulnerability classified as critical has been found in SourceCodester Online Hospital Management System 1.0. Rated med

CVE-2025-63719 HIGH POC
7.3 Nov 19

Campcodes Online Hospital Management System 1.0 is vulnerable to SQL Injection in /admin/index.php via the parameter use

CVE-2025-5365 MEDIUM POC
6.9 May 31

A vulnerability was found in Campcodes Online Hospital Management System 1.0. Rated medium severity (CVSS 6.9), this vul

CVE-2025-5364 MEDIUM POC
6.9 May 30

A vulnerability was found in Campcodes Online Hospital Management System 1.0 and classified as critical. Rated medium se

CVE-2025-5363 MEDIUM POC
6.9 May 30

A vulnerability has been found in Campcodes Online Hospital Management System 1.0 and classified as critical. Rated medi

CVE-2025-5362 MEDIUM POC
6.9 May 30

A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. Rated m

CVE-2025-5361 MEDIUM POC
6.9 May 30

A vulnerability, which was classified as critical, has been found in Campcodes Online Hospital Management System 1.0.php

Share

CVE-2026-7631 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy