EIP-2026-107628
PRE-CVE
Hospitals Patient Records Management System 1.0 - Account TakeOver
Title source: legacy
Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-107628. PoCs published by twseptian.
AI-analyzed exploit summary: This exploit demonstrates an Insecure Direct Object Reference (IDOR) vulnerability in Hospitals Patient Records Management System 1.0, allowing an attacker to take over an Administrator's account by modifying the 'id' parameter in a POST request.
Description
Hospitals Patient Records Management System 1.0 - Account TakeOver
Exploits (1)
exploitdb
WORKING POC
by twseptian · text · webapps · php
https://www.exploit-db.com/exploits/50631
Classification
Working PoC 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
Hospitals Patient Records Management System 1.0
Auth required
Prerequisites:
Valid user account with access to the 'My Account' page
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Details
Status
pre_cve
Tracked Since
Feb 18, 2026