CVE-2026-10299
3.8 LOWA weakness has been identified in code-projects Online Hospital Management System 1.0
Published: 2026-06-01 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 3.8 LOW
- Vector
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
- CWE
- CWE-99
Description
A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument delid causes improper control of resource identifiers. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10299
- [Other]https://code-projects.org/
- [Other]https://github.com/Carm3nc1ta/vuln-test/blob/main/Online%20Hospital%20Management%20System%20has%20IDOR%20vulnerability%20in%20viewdoctortimings_php.md
- [Other]https://vuldb.com/cve/CVE-2026-10299
- [Other]https://vuldb.com/submit/827505
- [Other]https://vuldb.com/vuln/367592
- [Other]https://vuldb.com/vuln/367592/cti
Related CVEs
Same CWE
- CVE-2026-10624 — A vulnerability has been found in SourceCodester Human Resource Management 1.0 (4.3 MEDIUM)
- CVE-2026-10168 — A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6... (6.3 MEDIUM)
- CVE-2026-9438 — A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203 (5.4 MEDIUM)
- CVE-2026-33603 — Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding (6.8 MEDIUM)