← Back
2026-05-23 22:15CVE-2026-9342VulDB
PUBLISHED5.2ApplicationCWE-89CWE-74x_freeware

SourceCodester Hospitals Patient Records Management System view_history.php sql injection

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/view_history.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Problem type

Affected products

SourceCodester

Hospitals Patient Records Management System

1.0 - AFFECTED

References

VDB-365305 | SourceCodester Hospitals Patient Records Management System view_history.php sql injection

https://vuldb.com/vuln/365305

vdb-entrytechnical-description
VDB-365305 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/365305/cti

signaturepermissions-required
Submit #812834 | sourcecodester Hospital's Patient Records Management System V1.0 SQL injection

https://vuldb.com/submit/812834

third-party-advisory
github.com

https://github.com/july-skyload/exp/issues/1

exploitissue-tracking
sourcecodester.com

https://www.sourcecodester.com/

product

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-9342
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-9342",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-05-23T22:15:10.341Z",
    "dateReserved": "2026-05-23T06:32:28.937Z",
    "datePublished": "2026-05-23T22:15:10.341Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-05-23T22:15:10.341Z"
      },
      "title": "SourceCodester Hospitals Patient Records Management System view_history.php sql injection",
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/view_history.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks."
        }
      ],
      "affected": [
        {
          "vendor": "SourceCodester",
          "product": "Hospitals Patient Records Management System",
          "cpes": [
            "cpe:2.3:a:sourcecodester:hospitals_patient_records_management_system:*:*:*:*:*:*:*:*"
          ],
          "versions": [
            {
              "version": "1.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "SQL Injection",
              "cweId": "CWE-89",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Injection",
              "cweId": "CWE-74",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/vuln/365305",
          "name": "VDB-365305 | SourceCodester Hospitals Patient Records Management System view_history.php sql injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/vuln/365305/cti",
          "name": "VDB-365305 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/submit/812834",
          "name": "Submit #812834 | sourcecodester Hospital's Patient Records Management System V1.0 SQL injection",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/july-skyload/exp/issues/1",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        },
        {
          "url": "https://www.sourcecodester.com/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 6.5
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-05-23T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-05-23T02:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-05-23T08:37:33.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "july-skyload (VulDB User)",
          "type": "reporter"
        }
      ],
      "tags": [
        "x_freeware"
      ]
    }
  }
}