PatchSiren cyber security CVE debrief
CVE-2026-11513 itsourcecode CVE debrief
CVE-2026-11513 is a SQL injection vulnerability in itsourcecode Hospital Management System 1.0. The vulnerability affects an unknown function of the file /adminaccount.php. The manipulation of the argument Date results in SQL injection. The attack can be launched remotely. The exploit is now public and may be used. The CVSS score is 2.1, and the severity is LOW.
- Vendor
- itsourcecode
- Product
- Hospital Management System
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-08
Who should care
Administrators and users of itsourcecode Hospital Management System 1.0 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by a lack of proper input validation in the /adminaccount.php file, allowing an attacker to inject malicious SQL code through the Date argument. This can lead to unauthorized access to sensitive data or disruption of service.
Defensive priority
LOW
Recommended defensive actions
- Apply patches or updates to fix the vulnerability as soon as possible.
- Use prepared statements with parameterized queries to prevent SQL injection.
- Limit database privileges to the minimum required for the application.
- Monitor the system for suspicious activity.
Evidence notes
The vulnerability was detected in itsourcecode Hospital Management System 1.0. The CVSS score is 2.1, and the severity is LOW.
Official resources
The CVE was published on 2026-06-08T13:16:32.367Z and modified on 2026-06-08T14:57:14.757Z.