CVE-2026-14773

Summary

A vulnerability was found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /payment.php. The manipulation of the argument patientid results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.

Affected Software

VendorProductVersion RangeStatus
itsourcecodeHospital Management System1.0affected

Weaknesses

  • CWE-89: SQL Injection
  • CWE-74: Injection

References