A vulnerability labeled as critical has been found in SourceCodester Hospitals Patient Records Management System 1.0 . This issue affects some unknown processing of the file /classes/Master.php?f=save_patient . The manipulation of the argument ID results in sql injection. This vulnerability is known as CVE-2026-11501 . It is possible to launch the attack remotely. Furthermore, an exploit is available.