CVE-2026-13550 itsourcecode CVE debrief

Who should care

Organizations using the itsourcecode Baptism Information Management System 1.0 should be aware of this vulnerability and take necessary steps to mitigate it. Additionally, security teams and administrators responsible for managing and securing software applications should be informed about this vulnerability to ensure proper defensive measures are in place.

Technical summary

The vulnerability is caused by a lack of proper input validation in the /delbaptism.php file of the itsourcecode Baptism Information Management System 1.0. This allows an attacker to inject malicious SQL code by manipulating the ID argument. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. The weakness associated with this vulnerability is CWE-74 and CWE-89.

Defensive priority

This vulnerability has a medium severity level with a CVSS score of 5.5. It is recommended that organizations prioritize patching or mitigating this vulnerability to prevent potential attacks.

Recommended defensive actions

• Patch or update the itsourcecode Baptism Information Management System 1.0 to the latest version.
• Implement input validation and sanitization for user input in the /delbaptism.php file.
• Use prepared statements with parameterized queries to prevent SQL injection.
• Monitor the system for suspicious activity and implement logging and auditing mechanisms.
• Consider implementing compensating controls such as web application firewalls (WAFs) to detect and prevent SQL injection attacks.

Evidence notes

The CVE record and NVD detail provide information on this vulnerability. The exploit for this vulnerability has been made publicly available. The CVSS score and vector provide a measure of the severity of this vulnerability. The weakness associated with this vulnerability is CWE-74 and CWE-89.

Official resources