关键信息 ID: VDB-344882, CVE-2026-2179, GCVE-100-344882 Title: PHPGURUKUL HOSPITAL MANAGEMENT SYSTEM 4.0 /ADMIN/MANAGE-USERS.PHP ID SQL INJECTION CVSS Meta Temp Score: 4.3 Current Exploit Price: $0-$5k CTI Interest Score: 2.56 Summary A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as critical. Affected is an unknown function of the file /admin/manage-users.php. Such manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2026-2179. The attack can be launched remotely. Moreover, an exploit is present. Details A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this issue is some unknown processing of the file /admin/manage-users.php. The manipulation of the argument id with an unknown input leads to a sql injection vulnerability. Using CWE to declare the problem leads to CWE-89. The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Impacted is confidentiality, integrity, and availability. The advisory is available at github.com. This vulnerability is handled as CVE-2026-2179. The exploitation is known to be easy. The attack may be launched remotely. Additional levels of successful authentication are required for exploitation. Technical details as well as a public exploit are known. This vulnerability is assigned to T1505 by the MITRE ATT&CK project.