Which versions of Hospital Management System are affected by EUVD-2026-30729?

CVE-2026-8785 is a SQL injection vulnerability in projectworlds Hospital Management System PHP 1.0 that allows unauthenticated attackers to directly access and modify patient records, creating…

Is there a public PoC exploit available for EUVD-2026-30729?

Yes, a public proof-of-concept exploit is available for EUVD-2026-30729. Prioritise patching immediately. EPSS: 0.0%.

Hospital Management System EUVD-2026-30729

Q: What is the CVSS score of EUVD-2026-30729?

EUVD-2026-30729 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-8785 MEDIUM

SQL Injection (CWE-89)

2026-05-18 VulDB

GHSA-jhq7-r7p6-3g3j

PHP SQLi

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

May 18, 2026 - 04:22 NVD

HIGH MEDIUM

CVSS changed

May 18, 2026 - 04:22 NVD

7.3 (HIGH) 5.5 (MEDIUM)

Analysis Generated

May 18, 2026 - 03:44 vuln.today

DescriptionNVD

A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file update_info.php of the component GET Parameter Handler. Executing a manipulation of the argument appointment_no can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

SQL injection in projectworlds Hospital Management System in PHP 1.0 enables unauthenticated remote attackers to extract or modify patient data through the appointment_no parameter in update_info.php. The vulnerability has publicly available exploit code and affects the getAllPatientDetail function, with the vendor notified but unresponsive.

RemediationAI

Within 24 hours: Audit all instances of projectworlds Hospital Management System PHP 1.0 in production; restrict network access to update_info.php to trusted internal networks only; enable database query logging. Within 7 days: Implement Web Application Firewall (WAF) rules to block SQL injection patterns in the appointment_no parameter; conduct forensic review of appointment and patient data modification logs for unauthorized access. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-30729 vulnerability details – vuln.today

Back

Hospital Management System EUVD-2026-30729

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Hospital Management System EUVD-2026-30729

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code