A vulnerability classified as critical has been found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /patientlogin.php. Performing a manipulation of the argument loginid results in sql injection.

This vulnerability is known as CVE-2026-14717. Remote exploitation of the attack is possible. Furthermore, an exploit is available.