A vulnerability, which was classified as critical , has been found in code-projects Online Hospital Management System 1.0 . Affected is an unknown function of the file appointmentdetail.php of the component Appointment Handler . The manipulation of the argument editid leads to sql injection. This vulnerability is uniquely identified as CVE-2026-10209 . The attack is possible to be carried out remotely. Moreover, an exploit is present.