Which versions of Hospitals Patient Records Management System are affected by EUVD-2026-31569?

SourceCodester Hospitals Patient Records Management System 1.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to directly access, modify, or delete patient…

Is there a public PoC exploit available for EUVD-2026-31569?

Yes, a public proof-of-concept exploit is available for EUVD-2026-31569. Prioritise patching immediately. EPSS: 0.0%.

Hospitals Patient Records Management System EUVD-2026-31569

Q: What is the CVSS score of EUVD-2026-31569?

EUVD-2026-31569 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-9355 MEDIUM

SQL Injection (CWE-89)

2026-05-24 VulDB

GHSA-g97w-3vph-c7fc

PHP SQLi

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

May 26, 2026 - 19:07 NVD

HIGH MEDIUM

CVSS changed

May 26, 2026 - 19:07 NVD

7.3 (HIGH) 5.5 (MEDIUM)

Analysis Generated

May 24, 2026 - 05:15 vuln.today

DescriptionNVD

A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=save_patient_history. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.

AnalysisAI

SQL injection in SourceCodester Hospitals Patient Records Management System 1.0 allows remote attackers to compromise patient data without authentication via manipulated ID parameter in /classes/Master.php?f=save_patient_history. The vulnerability has publicly available exploit code (GitHub) and enables unauthorized database access with potential to read, modify, or delete patient records. …

RemediationAI

Within 24 hours: Isolate affected SourceCodester instances from production networks or disable public access to the /classes/Master.php endpoint; inventory all instances running version 1.0 and document patient data exposure scope. Within 7 days: Conduct database audit logs for unauthorized access patterns; notify legal/compliance of potential PHI breach; evaluate migration to patched alternative vendor solutions. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-31569 vulnerability details – vuln.today

Back

Hospitals Patient Records Management System EUVD-2026-31569

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Hospitals Patient Records Management System EUVD-2026-31569

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code