A vulnerability identified as critical has been detected in itsourcecode Hospital Management System 1.0 . The affected element is an unknown function of the file /addpatient.php . This manipulation of the argument admissiontme causes sql injection. This vulnerability appears as CVE-2026-11514 . The attack may be initiated remotely. In addition, an exploit is available.