SQL Injection Vulnerability (CVE-2026-10186) Discovered in Online Hospital Management System

A critical SQL injection vulnerability (CVE-2026-10186) has been found in code-projects Online Hospital Management System version 1.0. The flaw in the '/patient.php' file, specifically through the 'editid' argument, allows remote attackers to bypass authentication and access sensitive patient data. The exploit is publicly available, increasing the risk of system compromise and regulatory violations.