PatchSiren cyber security CVE debrief
CVE-2026-13551 itsourcecode CVE debrief
A SQL injection vulnerability was detected in itsourcecode Baptism Information Management System 1.0. The vulnerability affects an unknown function of the file /editBaptism.php. Manipulation of the argument ID leads to SQL injection. The attack may be performed remotely. The exploit has been disclosed publicly and may be used. Limited information is available about the vendor and product, and the CVE record has a low confidence level.
- Vendor: itsourcecode
- Product: Baptism Information Management System
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-29
- Original CVE updated: 2026-06-29
- Advisory published: 2026-06-29
- Advisory updated: 2026-06-29
Who should care
Organizations using the itsourcecode Baptism Information Management System 1.0 should prioritize patching this vulnerability. Security teams and administrators responsible for web applications and database security should be aware of this vulnerability and take necessary actions. IT teams managing software developed by itsourcecode should also be informed about this issue.
Technical summary
The CVE-2026-13551 vulnerability is a SQL injection issue in the itsourcecode Baptism Information Management System 1.0. The vulnerability is located in the /editBaptism.php file and is triggered by manipulating the ID argument. This allows attackers to perform SQL injection attacks remotely. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 5.5, indicating a medium severity level. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
Patching the vulnerable system should be the top priority. If patching is not possible, implementing compensating controls such as web application firewalls (WAFs) to detect and block SQL injection attempts can help mitigate the risk.
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the SQL injection vulnerability.
- Implement web application firewalls (WAFs) to detect and block SQL injection attempts.
- Conduct regular security audits and vulnerability assessments to identify and address potential issues.
- Monitor system logs for suspicious activity and implement incident response plans.
- Consider replacing or updating the itsourcecode Baptism Information Management System 1.0 if it is no longer supported by the vendor.
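For the log-monitoring action above, the following is an added example (not code from the vendor or from the CVE record) that flags requests to /editBaptism.php whose ID parameter is not a plain decimal integer. It assumes combined-format web server access logs, that the ID argument arrives in the query string, and that legitimate ID values are numeric; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [29/Jun/2026:10:01:02 +0000] "GET /editBaptism.php?ID=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [29/Jun/2026:10:01:40 +0000] "GET /editBaptism.php?ID=12%27 HTTP/1.1" 500 310 "-" "Mozilla/5.0"
203.0.113.4 - - [29/Jun/2026:10:02:11 +0000] "GET /index.php?ID=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.4 - - [29/Jun/2026:10:02:15 +0000] "GET /app/editBaptism.php?id=7&ID=x HTTP/1.1" 200 900 "-" "curl/8.0"
198.51.100.7 - - [29/Jun/2026:10:03:00 +0000] "POST /editBaptism.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# client, timestamp, method, request URI, status from a combined-format line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
TARGET = "/editbaptism.php"  # compared case-insensitively


def suspicious_requests(log_text):
    """Return (client, timestamp, status, decoded_value) for each request to
    editBaptism.php whose ID parameter is not a plain decimal integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, ts, _method, uri, status = m.groups()
        parts = urlsplit(uri)
        if not parts.path.lower().endswith(TARGET):
            continue
        # parse_qs percent-decodes values; keep blanks so an empty "ID=" is seen.
        params = parse_qs(parts.query, keep_blank_values=True)
        for name, values in params.items():
            if name.lower() != "id":
                continue
            for value in values:
                # Allowlist check: anything other than ASCII digits is flagged.
                if not (value.isascii() and value.isdigit()):
                    hits.append((client, ts, int(status), value))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Parameters sent in a POST body do not appear in access logs, so the last sample line is not inspected; covering that case requires request-body logging at the application or WAF layer.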
Evidence notes
The CVE record was published on June 29, 2026, and has a low confidence level due to limited information about the vendor and product. The National Vulnerability Database (NVD) and VulDB have additional information about this vulnerability. The exploit has been disclosed publicly, increasing the risk of attacks.
This article is AI-assisted and based on the supplied source corpus.