A weakness has been identified in SourceCodester Hospitals Patient Records Management System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
PUBLISHED5.2ApplicationCWE-89CWE-74x_freeware
SourceCodester Hospitals Patient Records Management System Users.php save sql injection
Problem type
Affected products
SourceCodester
Hospitals Patient Records Management System
1.0 - AFFECTED
References
VDB-367466 | SourceCodester Hospitals Patient Records Management System Users.php save sql injection
https://vuldb.com/vuln/367466
VDB-367466 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/367466/cti
CVE-2026-10185 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-10185
Submit #819918 | sourcecodester Hospital's Patient Records Management System V1.0 SQL injection
https://vuldb.com/submit/819918
github.com
https://github.com/zzb1388/cve2/issues/3
sourcecodester.com
https://www.sourcecodester.com/
GitHub Security Advisories
GHSA-2hf5-r849-3x76
A weakness has been identified in SourceCodester Hospitals Patient Records Management System 1.0....
https://github.com/advisories/GHSA-2hf5-r849-3x76A weakness has been identified in SourceCodester Hospitals Patient Records Management System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2026-10185
github.com
https://github.com/zzb1388/cve2/issues/3
vuldb.com
https://vuldb.com/cve/CVE-2026-10185
vuldb.com
https://vuldb.com/submit/819918
vuldb.com
https://vuldb.com/vuln/367466
vuldb.com
https://vuldb.com/vuln/367466/cti
sourcecodester.com
https://www.sourcecodester.com
github.com
https://github.com/advisories/GHSA-2hf5-r849-3x76
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-10185Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-10185",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-05-31T13:45:08.141Z",
"dateReserved": "2026-05-30T16:35:44.500Z",
"datePublished": "2026-05-31T13:45:08.141Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-05-31T13:45:08.141Z"
},
"title": "SourceCodester Hospitals Patient Records Management System Users.php save sql injection",
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in SourceCodester Hospitals Patient Records Management System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks."
}
],
"affected": [
{
"vendor": "SourceCodester",
"product": "Hospitals Patient Records Management System",
"cpes": [
"cpe:2.3:a:sourcecodester:hospitals_patient_records_management_system:*:*:*:*:*:*:*:*"
],
"versions": [
{
"version": "1.0",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "SQL Injection",
"cweId": "CWE-89",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Injection",
"cweId": "CWE-74",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/vuln/367466",
"name": "VDB-367466 | SourceCodester Hospitals Patient Records Management System Users.php save sql injection",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/vuln/367466/cti",
"name": "VDB-367466 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/cve/CVE-2026-10185",
"name": "CVE-2026-10185 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://vuldb.com/submit/819918",
"name": "Submit #819918 | sourcecodester Hospital's Patient Records Management System V1.0 SQL injection",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://github.com/zzb1388/cve2/issues/3",
"tags": [
"exploit",
"issue-tracking"
]
},
{
"url": "https://www.sourcecodester.com/",
"tags": [
"product"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"baseScore": 7.5
}
}
],
"timeline": [
{
"time": "2026-05-30T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-05-30T02:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-05-30T18:40:52.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "zengxingqin (VulDB User)",
"type": "reporter"
}
],
"tags": [
"x_freeware"
]
}
}
}