A vulnerability was found in itsourcecode Hospital Management System 1.0. It has been declared as critical. Impacted is an unknown function of the file /patientappointment.php. Such manipulation of the argument patiente leads to sql injection.

This vulnerability is uniquely identified as CVE-2026-14659. The attack can be launched remotely. Moreover, an exploit is present.