Back to VulnFeed / CVE-2026-14659
root@hackertop:~/vulnfeed/CVE-2026-14659#
CVE-2026-14659 MEDIUM SQLi/Injection ⚠ Unpatched · Zero-day◉ PoC 公开 Lifecycle 4/7

itsourcecode Hospital Management System 1.0 /patientappointment.php patiente sql injection

Hospital Management System 1.0 1d ago Impact pending confirmation
LIFECYCLE
5.7 CVSS
Vulnerability Detail Mitigation Lifecycle CVSS Assessment
Vulnerability Description
A vulnerability classified as critical has been found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /patientappointment.php. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Root Cause Analysis
The manipulation of the argument patiente with an unknown input leads to a unknown weakness. CWE is classifying the issue as CWE-89. The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

Impact: This is going to have an impact on confidentiality, integrity, and availability.

Exploit: The exploit is shared for download at github.com. It is declared as proof-of-concept. By approaching the search of inurl:patientappointment.php it is possible to find vulnerable targets with Google Hacking.

Countermeasure: There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Validation (PoC/EXP) - Looking for Contributors
No public PoC yet

Public validation traces already exist. Community contributors can extend them with richer reproduction content.

Contribute Your PoC/EXP
Log in to contribute PoC/EXP content. Log in
Back to VulnFeed
CVE-2026-14659 · CVSS 5.7 · Active Threat