EIP-2026-107621

PRE-CVE

Hospital Management System 4.0 - Authentication Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107621. PoCs published by Metin Yunus Kandemir.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in the Hospital Management System 4.0 admin panel, allowing authentication bypass and password change for the admin user. The PoC uses a simple SQLi payload to bypass login and then changes the admin password.

Description

Hospital Management System 4.0 - Authentication Bypass

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metin Yunus Kandemir · pythonwebappsphp

https://www.exploit-db.com/exploits/47836

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in the Hospital Management System 4.0 admin panel, allowing authentication bypass and password change for the admin user. The PoC uses a simple SQLi payload to bypass login and then changes the admin password.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Hospital Management System v4.0

No auth needed

Prerequisites: Target must be running Hospital Management System 4.0 · Admin panel must be accessible

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026