A vulnerability, which was classified as critical, has been found in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /paymentdischarge.php. This manipulation of the argument patientid causes sql injection.
This vulnerability appears as CVE-2026-14774. The attack may be initiated remotely. In addition, an exploit is available.