CVE-2026-8785 | projectworlds hospital-management-system-in-php 1.0 GET Parameter update_info.php getAllPatientDetail appointment_no sql injection

A vulnerability, which was classified as critical, was found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file update_info.php of the component GET Parameter Handler. Executing a manipulation of the argument appointment_no can lead to sql injection.

This vulnerability appears as CVE-2026-8785. The attack may be performed from remote. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More