CVE Catalog

CVE-2026-13550

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

18th percentile — higher than 18% of all known CVEs

Summary

A SQL injection vulnerability has been found in itsourcecode Baptism Information Management System 1.0 in the file /delbaptism.php. An unknown function mishandles the ID argument, allowing remote exploitation. The exploit is publicly available and could be used in attacks.

Risk Assessment

An attacker can remotely manipulate SQL queries, potentially leading to data leakage, modification, or deletion, compromising the confidentiality and integrity of the system.

Recommendation

Immediately update the system to the latest version or apply a security patch. If not possible, implement input validation and parameterized SQL queries for the ID argument in /delbaptism.php.

Original NVD description (English source)

A weakness has been identified in itsourcecode Baptism Information Management System 1.0. The impacted element is an unknown function of the file /delbaptism.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS