A vulnerability, which was classified as critical , was found in SourceCodester Hospitals Patient Records Management System 1.0 . This affects an unknown function of the file /admin/patients/manage_history.php . Such manipulation of the argument ID leads to sql injection. This vulnerability is listed as CVE-2026-9356 . The attack may be performed from remote. In addition, an exploit is available.