CVE-2026-6006

MEDIUM CVSS 6.3 View on NVD ↗

Description

A vulnerability has been found in code-projects Patient Record Management System 1.0. The impacted element is an unknown function of the file /edit_hpatient.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

References

https://code-projects.org/
https://github.com/1768161086/SQL_CVE_1.2/blob/main/sql_cve.pdf
https://vuldb.com/submit/794542
https://vuldb.com/vuln/356562
https://vuldb.com/vuln/356562/cti

Published: Apr 10, 2026 04:17 UTC Modified: Apr 10, 2026 04:17 UTC