Description
A vulnerability was found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /payment.php. The manipulation of the argument patientid results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.
Problem types
Product status
Timeline
| 2026-07-05: | Advisory disclosed |
| 2026-07-05: | VulDB entry created |
| 2026-07-05: | VulDB entry last update |
Credits
kongcx (VulDB User)
References
vuldb.com/vuln/376363 (VDB-376363 | itsourcecode Hospital Management System payment.php sql injection)
vuldb.com/vuln/376363/cti (VDB-376363 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/cve/CVE-2026-14773 (CVE-2026-14773 | CVE Analysis and Report)
vuldb.com/submit/850644 (Submit #850644 | itsourcecode Hospital Management System V1.0 SQL Injection)
github.com/ltranquility/submit_vuln/issues/5
itsourcecode.com/