CVE-2026-10184: SQL Injection in Hospitals Patient Records Management System

/HIGH /CVSS 7.3/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitysql-injectioncwe-74cwe-89
CVE-2026-10184: SQL Injection in Hospitals Patient Records Management System

The National Vulnerability Database (NVD) has detailed CVE-2026-10184, a high-severity SQL injection vulnerability in SourceCodester Hospitals Patient Records Management System version 1.0. This flaw, rated 7.3 CVSS, affects an unspecified function within the /classes/Users.php?f=delete file. Attackers can manipulate the ID argument to trigger the SQL injection.

This is a critical flaw because the exploit has been publicly released, making it accessible to a wide range of threat actors. Remote exploitation is possible, meaning attackers don’t need direct network access to the target system. Given the sensitive nature of patient records, a successful exploit could lead to unauthorized access, modification, or deletion of highly confidential data, directly impacting patient privacy and potentially compromising healthcare operations.

Organizations using this specific patient records management system are at immediate risk. The public availability of the exploit drastically reduces the attacker’s effort, shifting the calculus from complex zero-day research to simple exploit execution. Defenders must assume this vulnerability is actively being scanned for and exploited.

What This Means For You

  • If your organization uses SourceCodester Hospitals Patient Records Management System 1.0, you are directly exposed to CVE-2026-10184. This is not theoretical — a public exploit exists. Immediately verify if this system is in use within your environment. If it is, isolate the system, apply any available patches, or take it offline until a fix is deployed. Audit logs for suspicious activity related to `/classes/Users.php?f=delete` and `ID` parameter manipulation.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1505.003 Server Software Component: Database Initial Access T1189 Drive-by Compromise Initial Access

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

CVE-2026-10184: SQL Injection in Users.php delete function

Sigma YAML — free preview 
title: CVE-2026-10184: SQL Injection in Users.php delete function
id: scw-2026-05-31-ai-1
status: experimental
level: critical
description: |
  Detects SQL injection attempts targeting the Users.php file in SourceCodester Hospitals Patient Records Management System 1.0. Specifically looks for the '/classes/Users.php?f=delete' path combined with common SQL injection patterns in the query string, such as 'ID=' followed by ' OR ' and '1=1'.
author: SCW Feed Engine (AI-generated)
date: 2026-05-31
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-10184/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
detection:
  selection:
      cs-uri|contains:
          - '/classes/Users.php?f=delete'
      cs-uri-query|contains:
          - 'ID=';
      cs-uri-query|contains:
          - ' OR ';
      cs-uri-query|contains:
          - '=';
      cs-uri-query|contains:
          - '1=1'
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-10184 SQLi SourceCodester Hospitals Patient Records Management System 1.0
CVE-2026-10184 SQLi Vulnerable file: /classes/Users.php?f=delete
CVE-2026-10184 SQLi Vulnerable argument: ID

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 31, 2026 at 17:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-48209: OTRS XSS Exposes Agent Sessions to Attackers

CVE-2026-48209 — An improper neutralization of user-controllable input in OTRS or ((OTRS)) Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting (XSS)...

vulnerabilityCVEhigh-severitycross-site-scripting-xsscwe-79cwe-116
/SCW Vulnerability Desk /HIGH /7.1 /⚑ 4 IOCs /⚙ 2 Sigma

CVE-2026-48208 — Denial of Service

CVE-2026-48208 — An improper neutralization of active SVG content in OTRS or ((OTRS)) Community Edition ticket article rendering allows attackers to inject specially crafted SVG...

vulnerabilityCVEmedium-severitydenial-of-servicecwe-400cwe-791
/SCW Vulnerability Desk /MEDIUM /6.5 /⚑ 3 IOCs /⚙ 3 Sigma

CVE-2026-48189 — OTRS Customer Backend Module Vulnerability

CVE-2026-48189 — An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note...

vulnerabilityCVEmedium-severitycwe-200
/SCW Vulnerability Desk /MEDIUM /5.7 /⚑ 2 IOCs /⚙ 1 Sigma