32 matches found
CVE-2026-14774 itsourcecode Hospital Management System paymentdischarge.php sql injection
A vulnerability was determined in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /paymentdischarge.php. This manipulation of the argument patientid causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and ma...
PT-2026-55830
Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description A remote SQL injection exists in the /payment.php endpoint. The issue occurs when the patientid argument is manipulated, allowing an attacker to execute arbitrary SQL commands on...
CVE-2026-12207 medkey-org medkey HTTP REST API PatientController.php actionGetPatientById resource injection
A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file app\modules\medical\port\rest\controllers\PatientController.php of the component HTTP REST API. The manipulation of the argument ID...
CVE-2026-3980
A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patientaction.php. Such manipulation of the argument patientid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to th...
CVE-2026-25745 OpenEMR's Message Update Ignores Patient id
OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the message/note update endpoint e.g. PUT or POST updates by message/note ID only and does not verify that the message belongs to the current patient or...
CVE-2026-3980
A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patientaction.php. Such manipulation of the argument patientid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to th...
CVE-2026-3724
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patientid causes improper authorization. It is possible to initiate the attack remotely. The exploit has...
CVE-2026-3724
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patientid causes improper authorization. It is possible to initiate the attack remotely. The exploit has...
CVE-2026-3724 SourceCodester Patients Waiting Area Queue Management System checkin.php improper authorization
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patientid causes improper authorization. It is possible to initiate the attack remotely. The exploit has...
CVE-2026-3724
The CVE-2026-3724 issue affects SourceCodester Patients Waiting Area Queue Management System 1.0, with a vulnerability in /checkin.php where manipulating the argument patient_id causes improper authorization. This can be triggered remotely and an exploit is publicly available. Impact is described...
SourceCodester Patients Waiting Area Queue Management System 授权问题漏洞
The SourceCodester Patients Waiting Area Queue Management System is an open-source system developed by SourceCodester for managing patient waiting queues. Version 1.0 of the SourceCodester Patients Waiting Area Queue Management System contains a vulnerability related to authorization issues. This...
PT-2026-23929
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patient id causes improper authorization. It is possible to initiate the attack remotely. The exploit ha...
CVE-2026-25147
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request $pid = $REQUEST'pid' ?? $pid and $pid = $REQUEST'hiddenpatientcode' ?? null 0 ?...
CVE-2026-25147
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request $pid = $REQUEST'pid' ?? $pid and $pid = $REQUEST'hiddenpatientcode' ?? null 0 ?...
CVE-2026-25147 OpenEMR's Portal Payment Endpoint Trusts User-Controlled pid
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request $pid = $REQUEST'pid' ?? $pid and $pid = $REQUEST'hiddenpatientcode' ?? null 0 ?...
EUVD-2026-9036
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request $pid = $REQUEST'pid' ?? $pid and $pid = $REQUEST'hiddenpatientcode' ?? null 0 ?...
CVE-2026-25147
OpenEMR CVE-2026-25147 affects the portal payment flow. In versions prior to 8.0.0, portal_payment.php takes the target patient id from the HTTP request (pid from $_REQUEST and hidden_patient_code) rather than the authenticated portal user’s pid. This allows a logged-in portal user to overwrite t...
PT-2026-22350
Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 8.0.0 Description OpenEMR is an electronic health records and medical practice management application. Prior to version 8.0.0, the patient ID used in portal/portal payment.php is obtained from the request $pid = $...
CVE-2026-2149
A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php. The manipulation of the argument patientid results in cross site scripting. It is possible to...
CVE-2026-2150
A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /checkin.php. This manipulation of the argument patientid causes cross site scripting. The attack can be initiated remotely. Th...