CVE-2026-13495

Publié : 28 juin 2026

Modifié : 28 juin 2026

Score CVSS

4.7

MEDIUM

Description détaillée

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminprofile.php. The manipulation of the argument loginid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Références et Patchs

https://github.com/ltranquility/vuln_submit/issues/16 https://itsourcecode.com/https://vuldb.com/cve/CVE-2026-13495 https://vuldb.com/submit/838499 https://vuldb.com/vuln/374490 https://vuldb.com/vuln/374490/cti

Dernières Vulnérabilités

CVE-2026-49048

The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation.

VOIR DÉTAILS

CVE-2026-13504

A vulnerability has been found in code-projects Project Management System 1.0. This vulnerability affects unknown code of the file /mail.php of the component Mail Compose Page. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

VOIR DÉTAILS

CVE-2026-13503

A vulnerability was detected in antlr ANTLR4 up to 4.13.2. Affected by this issue is the function getImportedVocabFile of the file tool/src/org/antlr/v4/parse/TokenVocabParser.java of the component tokenVocab Grammar Option Handler. The manipulation results in path traversal. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

VOIR DÉTAILS