← Back
2026-05-31 14:0CVE-2026-10186VulDB
PUBLISHED5.2ApplicationCWE-89CWE-74x_freeware

code-projects Online Hospital Management System patient.php sql injection

A security vulnerability has been detected in code-projects Online Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patient.php. Such manipulation of the argument editid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

Problem type

Affected products

code-projects

Online Hospital Management System

1.0 - AFFECTED

References

VDB-367467 | code-projects Online Hospital Management System patient.php sql injection

https://vuldb.com/vuln/367467

vdb-entrytechnical-description
VDB-367467 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/367467/cti

signaturepermissions-required
CVE-2026-10186 | CVE Analysis and Report

https://vuldb.com/cve/CVE-2026-10186

third-party-advisory
Submit #819933 | code-projects code-projects Online Hospital Management System 1.0 1.0 SQL Injection

https://vuldb.com/submit/819933

third-party-advisory
github.com

https://github.com/aiyuyuyu/cve/blob/main/patient_sql.md

exploit
code-projects.org

https://code-projects.org/

product

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-10186
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-10186",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-05-31T14:00:11.706Z",
    "dateReserved": "2026-05-30T16:37:45.549Z",
    "datePublished": "2026-05-31T14:00:11.706Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-05-31T14:00:11.706Z"
      },
      "title": "code-projects Online Hospital Management System patient.php sql injection",
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in code-projects Online Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patient.php. Such manipulation of the argument editid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used."
        }
      ],
      "affected": [
        {
          "vendor": "code-projects",
          "product": "Online Hospital Management System",
          "cpes": [
            "cpe:2.3:a:code-projects:online_hospital_management_system:*:*:*:*:*:*:*:*"
          ],
          "versions": [
            {
              "version": "1.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "SQL Injection",
              "cweId": "CWE-89",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Injection",
              "cweId": "CWE-74",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/vuln/367467",
          "name": "VDB-367467 | code-projects Online Hospital Management System patient.php sql injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/vuln/367467/cti",
          "name": "VDB-367467 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/cve/CVE-2026-10186",
          "name": "CVE-2026-10186 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://vuldb.com/submit/819933",
          "name": "Submit #819933 | code-projects code-projects Online Hospital Management System 1.0 1.0 SQL Injection",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/aiyuyuyu/cve/blob/main/patient_sql.md",
          "tags": [
            "exploit"
          ]
        },
        {
          "url": "https://code-projects.org/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 7.3,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 7.3,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 7.5
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-05-30T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-05-30T02:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-05-30T18:42:49.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "yuyuyu (VulDB User)",
          "type": "reporter"
        }
      ],
      "tags": [
        "x_freeware"
      ]
    }
  }
}