Which versions of Hospitals PRMS are affected by EUVD-2026-31568?

SourceCodester Hospitals Patient Records Management System 1.0 contains an unauthenticated SQL injection vulnerability in the patient history management interface that allows remote attackers to…

Is there a public PoC exploit available for EUVD-2026-31568?

Yes, a public proof-of-concept exploit is available for EUVD-2026-31568. Prioritise patching immediately. EPSS: 0.0%.

Hospitals PRMS EUVD-2026-31568

Q: What is the CVSS score of EUVD-2026-31568?

EUVD-2026-31568 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-9356 MEDIUM

SQL Injection (CWE-89)

2026-05-24 VulDB

GHSA-335m-hr83-74mh

PHP SQLi

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

May 26, 2026 - 19:07 NVD

HIGH MEDIUM

CVSS changed

May 26, 2026 - 19:07 NVD

7.3 (HIGH) 5.5 (MEDIUM)

Analysis Generated

May 24, 2026 - 06:45 vuln.today

DescriptionNVD

A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/manage_history.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

AnalysisAI

SQL injection in SourceCodester Hospitals Patient Records Management System 1.0 enables remote unauthenticated attackers to manipulate database queries through the ID parameter in /admin/patients/manage_history.php. Public exploit code exists (GitHub), though not listed in CISA KEV. …

RemediationAI

Within 24 hours: Identify all systems running SourceCodester Hospitals Patient Records Management System 1.0 and isolate or disable the /admin/patients/manage_history.php endpoint from external access using firewall rules or WAF policies. Within 7 days: Implement database-level query parameter validation and parameterized query enforcement; review access logs for exploitation attempts and conduct database integrity audit for unauthorized modifications. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-31568 vulnerability details – vuln.today

Back

Hospitals PRMS EUVD-2026-31568

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Hospitals PRMS EUVD-2026-31568

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code