EIP-2026-107625

PRE-CVE

Hospitals Patient Records Management System 1.0 - 'id' SQL Injection (Authenticated)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107625. PoCs published by twseptian.

AI-analyzed exploit summary This is a writeup describing a time-based blind SQL injection vulnerability in Hospitalss Patient Records Management System 1.0 via the 'id' parameter. It includes steps to reproduce the vulnerability but does not contain executable exploit code.

Description

Hospitals Patient Records Management System 1.0 - 'id' SQL Injection (Authenticated)

Exploits (1)

exploitdb WRITEUP

by twseptian · textwebappsphp

https://www.exploit-db.com/exploits/50630

View Code ZIP pw:eip

This is a writeup describing a time-based blind SQL injection vulnerability in Hospitalss Patient Records Management System 1.0 via the 'id' parameter. It includes steps to reproduce the vulnerability but does not contain executable exploit code.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Hospitalss Patient Records Management System 1.0

Auth required

Prerequisites: Authenticated access to the application · Access to the 'Patient List' page

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026