{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6005", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-09T13:27:14.739Z", "datePublished": "2026-04-10T02:45:12.085Z", "dateUpdated": "2026-04-10T15:54:38.282Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-10T02:45:12.085Z"}, "title": "code-projects Patient Record Management System hematology_print.php sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "code-projects", "product": "Patient Record Management System", "versions": [{"version": "1.0", "status": "affected"}], "cpes": ["cpe:2.3:a:code-projects:patient_record_management_system:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function of the file /hematology_print.php. Executing a manipulation of the argument hem_id can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-09T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-09T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-09T15:32:19.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "userq (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/356561", "name": "VDB-356561 | code-projects Patient Record Management System hematology_print.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/356561/cti", "name": "VDB-356561 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/794536", "name": "Submit #794536 | code-projects Health Care Patient Record Management System 1.0 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/1768161086/SQL_CVE_1.0/blob/main/sql_cve.pdf", "tags": ["exploit"]}, {"url": "https://code-projects.org/", "tags": ["product"]}], "tags": ["x_freeware"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-10T15:48:57.068790Z", "id": "CVE-2026-6005", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T15:54:38.282Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6005", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-10T15:48:57.068790Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T15:49:03.415Z"}}], "cna": {"tags": ["x_freeware"], "title": "code-projects Patient Record Management System hematology_print.php sql injection", "credits": [{"lang": "en", "type": "reporter", "value": "userq (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:code-projects:patient_record_management_system:*:*:*:*:*:*:*:*"], "vendor": "code-projects", "product": "Patient Record Management System", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2026-04-09T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-09T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-09T15:32:19.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/356561", "name": "VDB-356561 | code-projects Patient Record Management System hematology_print.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/356561/cti", "name": "VDB-356561 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/794536", "name": "Submit #794536 | code-projects Health Care Patient Record Management System 1.0 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/1768161086/SQL_CVE_1.0/blob/main/sql_cve.pdf", "tags": ["exploit"]}, {"url": "https://code-projects.org/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function of the file /hematology_print.php. Executing a manipulation of the argument hem_id can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "SQL Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-10T02:45:12.085Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6005", "state": "PUBLISHED", "dateUpdated": "2026-04-10T15:54:38.282Z", "dateReserved": "2026-04-09T13:27:14.739Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-10T02:45:12.085Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function of the file /hematology_print.php. Executing a manipulation of the argument hem_id can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used."}], "id": "CVE-2026-6005", "lastModified": "2026-04-10T04:17:17.657", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-10T04:17:17.657", "references": [{"source": "cna@vuldb.com", "url": "https://code-projects.org/"}, {"source": "cna@vuldb.com", "url": "https://github.com/1768161086/SQL_CVE_1.0/blob/main/sql_cve.pdf"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/794536"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/356561"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/356561/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "inferred", "scores": [{"score": 100.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Patient Record Management System", "source": "cna", "vendor": "code-projects"}, "product": "patient_record_management_system", "vendor": "code-projects"}], "analysis": {"en": {"generated_at": "2026-04-10T04:22:07.618368+00:00", "value": {"mitigation_remediation": ["Verify whether code-projects has released a patch for Patient Record Management System 1.0 and apply it immediately. ", "If no patch is available, restrict public access to the /hematology_print.php endpoint so that only authenticated and authorized users can reach it. ", "Modify the hem_id handler to use parameterized queries or prepared statements to prevent SQL injection. ", "Deploy a web application firewall or intrusion detection system to block malicious SQL payloads directed at the script."], "summary": {"action": "Immediate Patch", "impact": "Remote SQL Injection"}, "threat_synthesis": {"affected_systems": "The vulnerability affects code-projects Patient Record Management System, version 1.0, specifically the hematology_print.php script. The attack vector involves invoking this script with a malicious hem_id parameter, which can be accessed remotely over the web.", "description_and_impact": "The flaw resides in an unnamed function of the hematology_print.php file in code-projects Patient Record Management System 1.0. Manipulating the hem_id argument allows an attacker to inject arbitrary SQL statements, enabling unauthorized data extraction, modification or deletion. By executing SQL injection remotely, an adversary can compromise the confidentiality and integrity of the patient records stored in the database.", "risk_and_exploitability": "With a CVSS score of 5.3, the issue is considered moderate but poses significant risk due to its remote nature and exploit availability. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, but published exploits indicate real-world deployment. The lack of official remediation information requires administrators to proactively address the weakness through updates or defensive measures."}}}}, "created": "2026-04-10T08:35:57.456514+00:00", "updated": "2026-04-10T09:26:59.312552+00:00", "vendors": ["code-projects", "code-projects$PRODUCT$patient_record_management_system"]}