CVE Catalog

CVE-2026-13495

MediumCVSS 4.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

12th percentile — higher than 12% of all known CVEs

Summary

A SQL injection vulnerability was found in itsourcecode Hospital Management System 1.0 in the file /adminprofile.php. An attacker can remotely manipulate the loginid argument, leading to SQL injection.

Risk Assessment

The risk includes unauthorized database access, leakage of sensitive patient and staff data, and potential system takeover.

Recommendation

Immediately update the system to the latest version or apply a security patch that sanitizes input in the /adminprofile.php file.

Original NVD description (English source)

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminprofile.php. The manipulation of the argument loginid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS