PatchSiren cyber security CVE debrief
CVE-2026-11514 itsourcecode CVE debrief
A SQL injection vulnerability has been discovered in Itsourcecode Hospital Management System 1.0. The vulnerability exists in the /addpatient.php file and is caused by improper sanitization of user input in the admissiontme argument. This vulnerability allows remote attackers to inject malicious SQL code, potentially leading to unauthorized access or modification of sensitive data.
- Vendor: itsourcecode
- Product: Hospital Management System
- CVSS: LOW 2.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-08
- Original CVE updated: 2026-06-08
- Advisory published: 2026-06-08
- Advisory updated: 2026-06-08
Who should care
Administrators and users of Itsourcecode Hospital Management System 1.0 should be aware of this vulnerability and take necessary steps to mitigate it.
Technical summary
The vulnerability has a CVSS score of 2.1 and is considered low. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
Low
Recommended defensive actions
- Apply patches or updates to fix the SQL injection vulnerability in /addpatient.php.
- Implement input validation and sanitization to prevent malicious SQL code injection.
- Monitor the system for suspicious activity and implement additional security measures as needed.
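The following is an added example, not code from the advisory or from the vendor's project, showing strict validation of the admissiontme field combined with a bound query parameter. The patient table, its columns, the helper names and the in-memory SQLite database are assumptions chosen so the example runs offline; the application's real schema is not given on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept only HH:MM or HH:MM:SS on a 24-hour clock.
function parse_admission_time(mixed $raw): ?string
{
    if (!is_string($raw)) {
        return null; // missing values and arrays (admissiontme[]=...) are rejected
    }
    // \A and \z anchor the whole string, so trailing text or newlines fail.
    if (!preg_match('/\A([01]\d|2[0-3]):([0-5]\d)(?::([0-5]\d))?\z/', $raw, $m)) {
        return null;
    }
    return sprintf('%s:%s:%s', $m[1], $m[2], $m[3] ?? '00');
}

// Hypothetical handler body: validate first, then bind; never concatenate.
function add_patient(PDO $db, array $post): bool
{
    $time = parse_admission_time($post['admissiontme'] ?? null);
    if ($time === null) {
        return false; // caller should respond with HTTP 400
    }
    // Placeholders keep request data out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO patient (name, admission_time) VALUES (:name, :t)'
    );
    return $stmt->execute([':name' => (string)($post['name'] ?? ''), ':t' => $time]);
}

// Demo database (assumed schema, SQLite used only to run offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE patient (name TEXT, admission_time TEXT)');

// Constructed request bodies: one valid, one with SQL metacharacters, one array.
$samples = [
    ['name' => 'Test Patient', 'admissiontme' => '09:30'],
    ['name' => 'Test Patient', 'admissiontme' => "09:30' OR '1'='1"],
    ['name' => 'Test Patient', 'admissiontme' => ['09:30']],
];
foreach ($samples as $post) {
    $result = add_patient($db, $post) ? 'stored' : 'rejected';
    echo json_encode($post['admissiontme']), ' => ', $result, PHP_EOL;
}
echo 'rows: ', $db->query('SELECT COUNT(*) FROM patient')->fetchColumn(), PHP_EOL;
```

The bound parameter alone is what prevents injection; the format check additionally keeps malformed time values out of the table and gives monitoring a clear rejection event to log.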
Evidence notes
The vulnerability was reported on June 8, 2026, and has been publicly disclosed. The exploit has been published and may be used.
Official resources
CVE-2026-11514 was published on 2026-06-08T13:16:32.523Z and modified on 2026-06-08T14:57:14.757Z.