MEDIUM
projectworlds
CVE published 2026-05-18
CVE-2026-8785
CVE-2026-8785 describes a remotely reachable SQL injection in projectworlds hospital-management-system-in-php 1.0, specifically in getAllPatientDetail within update_info.php when the appointment_no GET parameter is manipulated. The supplied source metadata also indicates a public exploit reference and says the project was notified early via an issue report but had not responded at the time of publication. [truncated]