CVE-2026-10185: SQL Injection in SourceCodester Hospitals Patient Records Management System

The National Vulnerability Database has published CVE-2026-10185, a high-severity SQL injection vulnerability in SourceCodester Hospitals Patient Records Management System version 1.0. The flaw resides in an unspecified function of /classes/Users.php?f=save. Manipulating the ID argument allows remote SQL injection, a critical vulnerability that attackers can readily exploit.

This vulnerability carries a CVSS score of 7.3 (HIGH) and is classified under CWE-74 (Improper Neutralization of Special Elements in Output Used by a Different Context) and CWE-89 (Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)). Exploit code has been publicly released, which significantly lowers the bar for attackers and increases the immediate risk of exploitation.

For defenders, the implication is direct and severe. Publicly available exploits for SQL injection in web applications are a common attack vector for initial access and data exfiltration. Any organization using this specific Patient Records Management System needs to understand that they are a prime target. Attackers will prioritize systems where they can achieve remote code execution or database access with minimal effort, and this vulnerability fits that profile perfectly.

What This Means For You

  • If your organization uses SourceCodester Hospitals Patient Records Management System 1.0, you must immediately assess your exposure to CVE-2026-10185. This is a critical SQL injection with a public exploit. Prioritize patching or implementing compensating controls to mitigate the risk of remote data compromise and unauthorized access. Assume attackers are already scanning for this vulnerability.
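The vulnerability class behind an injectable ID argument, and the fix that patching such a flaw comes down to, in an added example that is not the product's code: the schema, table and function names are assumed for illustration, and the inputs are constructed. Run as Python against an in-memory SQLite database, the string-built query lets a quoted value rewrite the WHERE clause, while the parameterized form treats the same value as data; the third function adds the integer check an ID parameter should get before it reaches the database at all.

```python
import sqlite3


def make_db():
    """Assumed schema for illustration only; the application's real tables are not described here."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (id, username, role) VALUES (?, ?, ?)",
        [(1, "admin", "administrator"), (2, "nurse01", "staff"), (3, "clerk01", "staff")],
    )
    return conn


def load_user_vulnerable(conn, user_id):
    """Injection-prone pattern: the request value is spliced into the statement text."""
    sql = f"SELECT id, username, role FROM users WHERE id = '{user_id}'"
    return conn.execute(sql).fetchall()


def load_user_parameterized(conn, user_id):
    """Hardened form: the value is bound as a parameter and can only ever be data."""
    sql = "SELECT id, username, role FROM users WHERE id = ?"
    return conn.execute(sql, (user_id,)).fetchall()


def load_user_strict(conn, user_id):
    """Hardened form plus input validation: an ID must be a decimal integer."""
    if not (isinstance(user_id, str) and user_id.isdigit()):
        raise ValueError("ID must be a decimal integer")
    return load_user_parameterized(conn, int(user_id))


if __name__ == "__main__":
    db = make_db()
    normal = "2"
    hostile = "2' OR '1'='1"  # constructed input that closes the quoted literal
    print(load_user_vulnerable(db, normal))      # one row
    print(load_user_vulnerable(db, hostile))     # every row: the WHERE clause was rewritten
    print(load_user_parameterized(db, hostile))  # no rows: the whole string is compared as data
    print(load_user_strict(db, normal))          # one row; the hostile value is rejected before any query
```

The parameterized query is the actual fix; the integer check is defense in depth that also turns a malformed ID into a loggable 4xx-class event instead of a database error.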

Related ATT&CK Techniques

  • T1190 (Initial Access)

🛡️ Detection Rules

The following Sigma rule (level: high, mapped to T1190 Initial Access) was auto-generated for this advisory.

Sigma YAML
title: CVE-2026-10185: SQL Injection in SourceCodester Hospitals Patient Records Management System
id: scw-2026-05-31-ai-1
status: experimental
level: high
description: |
  Detects attempts to exploit CVE-2026-10185 by targeting the /classes/Users.php file with the 'save' function and 'ID' parameter. The rule looks for common SQL injection patterns like UNION SELECT, SLEEP, or BENCHMARK within the query string, indicating a potential exploitation attempt against the SourceCodester Hospitals Patient Records Management System.
author: SCW Feed Engine (AI-generated)
date: 2026-05-31
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-10185/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  # The vulnerable endpoint. Kept in its own selection because a YAML map cannot
  # hold the same key twice: a second 'cs-uri-query|contains' in one selection
  # silently replaces the first and drops the endpoint constraint.
  selection_endpoint:
    cs-uri-query|contains: '/classes/Users.php?f=save&ID='
    cs-method: 'GET'
  # Injection payload markers in the query string
  selection_payload:
    cs-uri-query|contains:
      - 'UNION SELECT'
      - 'SLEEP('
      - 'BENCHMARK('
  condition: selection_endpoint and selection_payload
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World
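The logic the rule's description spells out, run over a few constructed W3C-style access-log lines, as an added example that is not part of the advisory or of the Sigma rule. It keeps the endpoint test and the payload-marker test as two conditions joined with AND, which is what the detection needs and what one YAML map with a repeated key cannot express, and it percent-decodes the query string before matching, since a literal match on 'UNION SELECT' misses the encoded form a browser or client library sends. The log layout, addresses and requests are all constructed.

```python
from urllib.parse import parse_qs, unquote_plus

# Constructed W3C-style access-log lines (not real traffic). Field order:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2026-05-31 17:20:01 203.0.113.10 GET /classes/Users.php f=save&ID=5 200
2026-05-31 17:20:07 203.0.113.10 GET /classes/Users.php f=save&ID=5%27%20UNION%20SELECT%201,2,3-- 200
2026-05-31 17:20:09 203.0.113.11 GET /classes/Users.php f=save&ID=5%27%20AND%20SLEEP(5)-- 500
2026-05-31 17:20:15 198.51.100.7 GET /index.php page=users&q=union%20select 200
2026-05-31 17:20:20 203.0.113.12 POST /classes/Users.php f=save 200
"""

# Endpoint named in the advisory, and the payload markers the Sigma rule lists.
VULNERABLE_STEM = "/classes/users.php"
PAYLOAD_MARKERS = ("union select", "sleep(", "benchmark(")


def parse_line(line):
    """Split one log line into a dict; returns None for malformed lines."""
    parts = line.split()
    if len(parts) != 7:
        return None
    keys = ("date", "time", "ip", "method", "stem", "query", "status")
    return dict(zip(keys, parts))


def is_cve_2026_10185_attempt(entry):
    """Endpoint match AND payload-marker match, evaluated on the decoded query string."""
    if entry["stem"].lower() != VULNERABLE_STEM:
        return False
    # parse_qs percent-decodes names and values; lower-case the names so that
    # 'ID' and 'id' are treated alike.
    params = {k.lower(): v for k, v in
              parse_qs(entry["query"], keep_blank_values=True).items()}
    if params.get("f") != ["save"] or "id" not in params:
        return False
    decoded = unquote_plus(entry["query"]).lower()
    return any(marker in decoded for marker in PAYLOAD_MARKERS)


def scan(log_text):
    """Return the parsed entries that look like exploitation attempts."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_cve_2026_10185_attempt(entry):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['date']} {hit['time']} {hit['ip']} {hit['method']} "
              f"{hit['stem']}?{hit['query']} -> {hit['status']}")
```

Two of the five constructed lines match: the UNION SELECT and the SLEEP( requests against the vulnerable endpoint. The unrelated /index.php request carries a marker but not the endpoint, and the POST to the endpoint carries no ID in the URL at all; a standard access log does not record request bodies, so a rule over cs-uri-query alone has no visibility into parameters sent that way, which is a gap to keep in mind when relying on this rule.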

Indicators of Compromise

ID              Type  Indicator
CVE-2026-10185  SQLi  SourceCodester Hospitals Patient Records Management System 1.0
CVE-2026-10185  SQLi  /classes/Users.php?f=save
CVE-2026-10185  SQLi  Manipulation of argument ID

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 31, 2026 at 17:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
