A vulnerability, which was classified as critical, has been found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /patient.php. This manipulation of the argument editid causes sql injection.
This vulnerability appears as CVE-2026-14638. The attack may be initiated remotely. In addition, an exploit is available.