Skip to main content

Hospitals Patient Records Management System CVE-2026-9342

| EUVD-2026-31554 LOW
SQL Injection (CWE-89)
2026-05-23 VulDB GHSA-fv8j-whg3-8v9w
PHP SQLi
2.1
CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
May 26, 2026 - 19:07 NVD
MEDIUM LOW
CVSS changed
May 26, 2026 - 19:07 NVD
6.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
May 23, 2026 - 22:45 vuln.today

DescriptionNVD

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/view_history.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

AnalysisAI

SQL injection in SourceCodester Hospitals Patient Records Management System 1.0 allows authenticated attackers to extract, modify, or delete database records via the ID parameter in /admin/patients/view_history.php. The vulnerability requires low-privilege authenticated access (PR:L) but has low attack complexity (AC:L) and can be exploited remotely. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-9342 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy