A vulnerability classified as critical was found in projectworlds hospital-management-system-in-php 1.0. It affects the function
getAllPatientDetail of the file update_info.php, in the GET Parameter Handler component. Manipulating the argument appointment_no can lead to SQL injection.
This vulnerability is tracked as CVE-2026-8785. The attack can be performed remotely, and an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.
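
With no response from the project yet, operators can review web access logs for requests to update_info.php whose appointment_no value does not look like an appointment number. The following is an added example, not code from the project or the original advisory. It assumes combined-format access logs and that legitimate appointment numbers are short alphanumeric tokens; the `/hms/` path, the IP addresses and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate appointment numbers are short alphanumeric tokens.
# Adjust the allowlist to the format your deployment actually issues.
ALLOWED = re.compile(r"[A-Za-z0-9_-]{1,32}")

# Request line inside a combined-format access log entry. The target is matched
# up to the closing quote so that unencoded spaces do not hide a request.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>[^"]+) HTTP/[\d.]+"')


def suspicious_requests(log_lines):
    """Return (client_ip, decoded_value) for every update_info.php request
    whose appointment_no value falls outside the allowlist."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/update_info.php"):
            continue
        # parse_qs percent-decodes values; keep blanks so empty values are seen.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("appointment_no", []):
            if not ALLOWED.fullmatch(value):
                client_ip = line.split(" ", 1)[0]
                hits.append((client_ip, value))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2026:10:00:01 +0000] "GET /hms/update_info.php?appointment_no=1042 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2026:10:00:05 +0000] "GET /hms/update_info.php?appointment_no=1042%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9120',
    '198.51.100.7 - - [01/Jan/2026:10:00:09 +0000] "GET /hms/index.php HTTP/1.1" 200 300',
    '203.0.113.9 - - [01/Jan/2026:10:00:12 +0000] "GET /hms/update_info.php?appointment_no= HTTP/1.1" 200 80',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} appointment_no={value!r}")
```

The same allowlist can be enforced in front of the application (reverse proxy or WAF rule) as a stopgap; it does not replace fixing the query in getAllPatientDetail.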