CVE-2026-9355: SourceCodester Hospitals Patient Records Management System Master.php save_patient_history sql injection

Published May 24, 2026

Updated

A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=save_patient_history. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.

Affected Software

1 affected component

Sourcecodester Hospitals Patient Records Management System=1.0

Event History

May 24, 2026

CVE Published

via MITRE·04:45 AM

Data Sourced

via MITRE·04:45 AM

DescriptionSeverityWeakness

Frequently Asked Questions

What is the severity of CVE-2026-9355?

The severity of CVE-2026-9355 is categorized as high, with a CVSS score of 7.3.

How do I fix CVE-2026-9355?

To fix CVE-2026-9355, ensure to sanitize and validate all user inputs in the Master.php file to prevent SQL injection attacks.

What type of vulnerability is CVE-2026-9355?

CVE-2026-9355 is classified as an SQL Injection vulnerability.

Can CVE-2026-9355 be exploited remotely?

Yes, CVE-2026-9355 can be exploited remotely due to the nature of the SQL injection flaw.

Which software is affected by CVE-2026-9355?

CVE-2026-9355 affects the SourceCodester Hospitals Patient Records Management System version 1.0.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.