CVE-2026-11501 PUBLISHED

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=save_patient. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

• outjinmswa (VulDB User) reporter

• VDB-369121 | SourceCodester Hospitals Patient Records Management System Master.php save_patient sql injection
• VDB-369121 | CTI Indicators (IOB, IOC, TTP, IOA)
• CVE-2026-11501 | CVE Analysis and Report
• Submit #835506 | sourcecodester Hospital's Patient Records Management System V1.0 SQL injection
• https://github.com/showmesvg/horized/issues/1
• https://www.sourcecodester.com/

• SQL Injection CWE
• Injection CWE