CVE-2026-5960 | code-projects Patient Record Management System 1.0 SQL Database Backup File /db/hcpms.sql information disclosure

VDB-356513 · CVE-2026-5960 · GCVE-100-356513 CODE-PROJECTS PATIENT RECORD MANAGEMENT SYSTEM 1.0 SQL DATABASE BACKUP FILE /DB/HCPMS.SQL INFORMATION DISCLOSURE HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 3.8 $0-$5k 1.60+ Summaryinfo A vulnerability has been found in code-projects Patient Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /db/hcpms.sql of the component SQL Database Backup File Handler. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2026-5960. The attack may be initiated remotely. In addition, an exploit is available. It is recommended to apply restrictive firewalling. Detailsinfo A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as problematic. This issue affects an unknown part of the file /db/hcpms.sql of the component SQL Database Backup File Handler. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality. The advisory is shared at github.com. The identification of this vulnerability is CVE-2026-5960. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details as well as a public exploit are known. MITRE ATT&CK project uses the attack technique T1592 for this issue. The exploit is available at github.com. It is declared as proof-of-concept. By approaching the search of inurl:db/hcpms.sql it is possible to find vulnerable targets with Google Hacking. Addressing this vulnerability is possible by firewalling . Productinfo Type Medical Device Software Vendor code-projects Name Patient Record Management System Version 1.0 License free Website Vendor: https://code-projects.org/ CPE 2.3info 🔒 CPE 2.2info 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv3info VulDB Meta Base Score: 4.3 VulDB Meta Temp Score: 3.8 VulDB Base Score: 4.3 VulDB Temp Score: 3.8 VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Information disclosure CWE: CWE-200 / CWE-284 / CWE-266 CAPEC: 🔒 ATT&CK: 🔒 Physical: No Local: No Remote: Yes Availability: 🔒 Access: Public Status: Proof-of-Concept Download: 🔒 Google Hack: 🔒 Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Firewall Status: 🔍 0-Day Time: 🔒 Timelineinfo 04/09/2026 Advisory disclosed 04/09/2026 +0 days VulDB entry created 04/09/2026 +0 days VulDB entry last update Sourcesinfo Vendor: code-projects.org Advisory: github.com Status: Not defined CVE: CVE-2026-5960 (🔒) GCVE (CVE): GCVE-0-2026-5960 GCVE (VulDB): GCVE-100-356513 scip Labs: https://www.scip.ch/en/?labs.20161013 Entryinfo Created: 04/09/2026 11:57 Changes: 04/09/2026 11:57 (57) Complete: 🔍 Submitter: AhmadMarzook Cache ID: 99:EE8:101 Submitinfo Accepted Submit #788397: code-projects Patient Record Management System In PHP 1.0 Information Disclosure (by AhmadMarzook) Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸