CVE Catalog

CVE-2026-13572

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

A SQL injection vulnerability has been found in itsourcecode Hospital Management System 1.0 in the file /insertbillingrecord.php. An attacker can remotely manipulate the patientid argument, leading to SQL injection. The exploit has been publicly disclosed.

Risk Assessment

The risk involves the possibility of remote execution of unauthorized SQL queries, which could lead to leakage, modification, or deletion of patient data and other sensitive medical information.

Recommendation

Immediately update the system to the latest version or apply a security patch. Additionally, implement input validation and parameterized SQL queries for the patientid argument.

Original NVD description (English source)

A vulnerability has been found in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /insertbillingrecord.php. The manipulation of the argument patientid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS