A vulnerability, which was classified as critical , has been found in SourceCodester Hospitals Patient Records Management System 1.0 . The impacted element is an unknown function of the file /classes/Master.php?f=save_patient_history . This manipulation of the argument ID causes sql injection. This vulnerability is tracked as CVE-2026-9355 . The attack is possible to be carried out remotely. Moreover, an exploit is present.