SourceCodester Hospitals Patient Records Management System view_history.php sql injection
Description
A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/view_history.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in SourceCodester Hospitals Patient Records Management System 1.0 via ID parameter in view_history.php allows remote unauthenticated attackers to execute arbitrary SQL queries.
Vulnerability
The vulnerability is an SQL injection in the file /admin/patients/view_history.php of SourceCodester Hospitals Patient Records Management System version 1.0. The id parameter is directly used in SQL queries without sanitization, allowing injection of malicious SQL. Affected version: V1.0. [1]
Exploitation
The attack can be launched remotely without authentication. An attacker sends a crafted GET request to /admin/patients/view_history.php with a malicious id parameter. The exploit has been publicly released, including a proof-of-concept payload for boolean-based blind SQL injection. [1]
Impact
Successful exploitation allows unauthorized database access, sensitive data leakage, data tampering, and potentially full system control. The attacker can read, modify, or delete database contents, leading to serious security compromise. [1]
Mitigation
As of the publication date (2026-05-23), no official patch has been released. The vendor (SourceCodester) has not provided a fix. Users should consider disabling the vulnerable page or implementing input validation and parameterized queries. The product may be EOL or unsupported. [1]
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: = 1.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/july-skyload/exp/issues/1mitreexploitissue-tracking
- vuldb.com/submit/812834mitrethird-party-advisory
- vuldb.com/vuln/365305mitrevdb-entrytechnical-description
- vuldb.com/vuln/365305/ctimitresignaturepermissions-required
- www.sourcecodester.commitreproduct
News mentions
0No linked articles in our index yet.