CVE-2026-13551
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk18th percentile — higher than 18% of all known CVEs
Summary
A SQL injection vulnerability has been found in itsourcecode Baptism Information Management System 1.0 in the /editBaptism.php file. An attacker can remotely manipulate the ID argument, leading to SQL injection. The exploit has been publicly disclosed.
Risk Assessment
The risk includes unauthorized database access, leakage or modification of sensitive data, and potential system compromise.
Recommendation
Immediately update the system to the latest version or apply a security patch. In the meantime, validate and sanitize all input in the /editBaptism.php file.
Original NVD description (English source)
A security vulnerability has been detected in itsourcecode Baptism Information Management System 1.0. This affects an unknown function of the file /editBaptism.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

