CVE-2026-9356 PUBLISHED

A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/manage_history.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

• wuyan-set (VulDB User) reporter

• VDB-365319 | SourceCodester Hospitals Patient Records Management System manage_history.php sql injection
• VDB-365319 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #813022 | sourcecodester Hospital's Patient Records Management System V1.0 SQL injection
• https://github.com/yan-124/yan/issues/1
• https://www.sourcecodester.com/

• SQL Injection CWE
• Injection CWE