CVE-2026-13548

Description

A vulnerability was identified in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /doctortimings.php. The manipulation of the argument editid leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

References

• https://github.com/ltranquility/submit/issues/19
• https://itsourcecode.com/
• https://vuldb.com/cve/CVE-2026-13548
• https://vuldb.com/submit/843063
• https://vuldb.com/vuln/374556