CVE-2026-10186: Online Hospital Management System SQL Injection

/HIGH /CVSS 7.3/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitysql-injectioncwe-74cwe-89
CVE-2026-10186: Online Hospital Management System SQL Injection

The National Vulnerability Database has disclosed CVE-2026-10186, a high-severity SQL injection vulnerability impacting code-projects Online Hospital Management System 1.0. This flaw, rated with a CVSS score of 7.3, allows remote attackers to execute arbitrary SQL commands by manipulating the editid argument within the /patient.php file.

This is a critical flaw for any organization running this specific hospital management system. SQL injection remains a perennial favorite for attackers due to its direct impact on data integrity and confidentiality. The public disclosure of an exploit means that active exploitation is highly probable, moving this from a theoretical risk to an immediate operational concern.

Defenders must prioritize patching this vulnerability immediately. Given the sensitive nature of data within hospital management systems, a successful exploit could lead to severe breaches of patient records, financial data, and operational disruption. The attack vector is straightforward and requires no authentication, making it an attractive target for opportunistic attackers.

What This Means For You

  • If your organization uses code-projects Online Hospital Management System 1.0, you must immediately patch this CVE-2026-10186 vulnerability. Audit your system logs for any anomalous activity related to `/patient.php` and the `editid` parameter. Assume compromise until proven otherwise, especially if you have not applied the fix.

Indicators of Compromise

IDTypeIndicator
CVE-2026-10186 SQLi code-projects Online Hospital Management System 1.0
CVE-2026-10186 SQLi /patient.php
CVE-2026-10186 SQLi argument editid

Written by SCW Vulnerability Desk

🔎
Check for SQLi threats and advisories Use /brief to get an analyst-ready weekly threat summary with severity rankings and key IOCs.
Open Intel Bot →
Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 31, 2026 at 17:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-48209: OTRS XSS Exposes Agent Sessions to Attackers

CVE-2026-48209 — An improper neutralization of user-controllable input in OTRS or ((OTRS)) Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting (XSS)...

vulnerabilityCVEhigh-severitycross-site-scripting-xsscwe-79cwe-116
/SCW Vulnerability Desk /HIGH /7.1 /⚑ 4 IOCs /⚙ 2 Sigma

CVE-2026-48208 — Denial of Service

CVE-2026-48208 — An improper neutralization of active SVG content in OTRS or ((OTRS)) Community Edition ticket article rendering allows attackers to inject specially crafted SVG...

vulnerabilityCVEmedium-severitydenial-of-servicecwe-400cwe-791
/SCW Vulnerability Desk /MEDIUM /6.5 /⚑ 3 IOCs /⚙ 3 Sigma

CVE-2026-48189 — OTRS Customer Backend Module Vulnerability

CVE-2026-48189 — An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note...

vulnerabilityCVEmedium-severitycwe-200
/SCW Vulnerability Desk /MEDIUM /5.7 /⚑ 2 IOCs /⚙ 1 Sigma