A vulnerability, which was classified as critical, was found in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /prescriptionorderdetail.php. The manipulation of the argument delid results in sql injection.
This vulnerability is reported as CVE-2026-16009. The attack can be launched remotely. Moreover, an exploit is present.