CVE-2026-5960 MEDIUM

CVE-2026-5960: code-projects Patient Record Management System SQL Database Backup File hcpms.sql information disclosure

Vendor Code-Projects
Product Patient Record Management System
Weakness CWE-200 · Info exposure
Published April 9, 2026
Last update April 10, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A weakness has been identified in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /db/hcpms.sql of the component SQL Database Backup File Handler. Executing a manipulation can lead to information disclosure. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

Key dates

02Disclosure timeline

April 9, 2026 CVE published
April 10, 2026 Record updated