CVE-2026-13550
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk18th percentile — higher than 18% of all known CVEs
Summary
A SQL injection vulnerability has been found in itsourcecode Baptism Information Management System 1.0 in the file /delbaptism.php. An unknown function mishandles the ID argument, allowing remote exploitation. The exploit is publicly available and could be used in attacks.
Risk Assessment
An attacker can remotely manipulate SQL queries, potentially leading to data leakage, modification, or deletion, compromising the confidentiality and integrity of the system.
Recommendation
Immediately update the system to the latest version or apply a security patch. If not possible, implement input validation and parameterized SQL queries for the ID argument in /delbaptism.php.
Original NVD description (English source)
A weakness has been identified in itsourcecode Baptism Information Management System 1.0. The impacted element is an unknown function of the file /delbaptism.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.

