Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
A vulnerability was found in code-projects Online Hospital Management System 1.0. The impacted element is an unknown function of the component Registration Handler. The manipulation of the argument Username results in improper authorization. The attack can be executed remotely. The exploit has been made public and could be used.
AnalysisAI
Improper authorization in code-projects Online Hospital Management System 1.0 allows authenticated remote attackers to manipulate the Username parameter in the Registration Handler, bypassing access controls and modifying user authorization. The vulnerability requires valid authentication credentials but results in integrity impact to user accounts. Publicly available exploit code exists for this vulnerability.
Technical ContextAI
The vulnerability resides in the Registration Handler component of a web-based hospital management application. CWE-285 (Improper Authorization) indicates the root cause is a failure to enforce proper access controls when processing user input, specifically the Username parameter. The attack vector is network-accessible (AV:N), suggesting the vulnerable endpoint is exposed over HTTP(S). The integrity impact (VI:L) suggests attackers can modify user data or account properties, while the availability impact (VA:L) indicates potential service degradation. The vulnerability affects the application across all versions in the 1.0 branch based on the CPE specification.
RemediationAI
No vendor-released patch identified at time of analysis. Code-projects should issue an urgent security update addressing the Registration Handler component to enforce proper authorization checks on the Username parameter. Until patching is available, implement network-level controls to restrict access to the Registration Handler endpoint to trusted administrator networks only, and enforce strong authentication policies to ensure compromised credentials are rapidly detected. Additionally, implement input validation and whitelist controls on the Username parameter to reject unauthorized modification attempts, though this should not be relied upon as a sole mitigation. Monitor access logs for suspicious registration activity and consider temporarily disabling user self-registration functionality if the vulnerable feature is not business-critical. Organizations should contact code-projects directly via https://code-projects.org/ to request security updates and detailed fix guidance.
Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attac
A vulnerability was found in SourceCodester Online Hospital Management System 1.0. Rated critical severity (CVSS 9.8), t
Critical SQL injection vulnerability in Campcodes Hospital Management System version 1.0, specifically in the /user-logi
Critical SQL injection vulnerability in Campcodes Hospital Management System version 1.0, affecting the /registration.ph
Critical SQL injection vulnerability in Campcodes Hospital Management System version 1.0 affecting the /admin/registrati
A vulnerability classified as critical has been found in SourceCodester Online Hospital Management System 1.0. Rated med
Campcodes Online Hospital Management System 1.0 is vulnerable to SQL Injection in /admin/index.php via the parameter use
A vulnerability was found in Campcodes Online Hospital Management System 1.0. Rated medium severity (CVSS 6.9), this vul
A vulnerability was found in Campcodes Online Hospital Management System 1.0 and classified as critical. Rated medium se
A vulnerability has been found in Campcodes Online Hospital Management System 1.0 and classified as critical. Rated medi
A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. Rated m
A vulnerability, which was classified as critical, has been found in Campcodes Online Hospital Management System 1.0.php
Same weakness CWE-285 – Improper Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26793