A vulnerability classified as critical was found in code-projects Online Hospital Management System 1.php . This impacts the function login_user of the file login_1.php . Executing a manipulation of the argument Username can lead to sql injection. This vulnerability is handled as CVE-2026-10208 . The attack can be executed remotely. Additionally, an exploit exists.