These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-14638 is a SQL injection vulnerability in itsourcecode Hospital Management System 1.0. The vulnerability affects an unknown function of the file /patient.php. This manipulation of the argument editid causes SQL injection. The attack may be initiated remotely. The exploit has been published and may be used. The CVSS score for this vulnerability is 2.1, indicating a low severity. The vulnerability [truncated]
CVE-2026-14619 is a SQL injection vulnerability in the itsourcecode Hospital Management System 1.0. The vulnerability affects an unknown functionality of the /medicine.php file. An attacker can exploit this vulnerability by manipulating the editid argument, allowing for remote exploitation. The exploit has been published and may be used. The CVSS score for this vulnerability is 2.1, indicating a low severity.
CVE-2026-13555 is a SQL injection vulnerability in itsourcecode Online Hotel Management System 1.0. The vulnerability affects the /admin/mod_users/controller.php?action=add file. The manipulation of the Name argument results in SQL injection. The attack can be launched remotely. The exploit has been made public and could be used. This vulnerability has a CVSS score of 5.5 and a severity of MEDIUM.
CVE-2026-13554 is a cross site scripting vulnerability found in itsourcecode Online Hotel Management System 1.0. The vulnerability affects an unknown functionality of the file /admin/mod_amenities/controller.php?action=add, specifically in the POST Request Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to t [truncated]
A medium-severity vulnerability, CVE-2026-13553, has been identified in itsourcecode Online Hotel Management System 1.0. The flaw, located in the /admin/mod_amenities/controller.php?action=add file, permits unrestricted file uploads when manipulating the 'image' argument. This vulnerability can be exploited remotely. The issue has been made public, and an exploit may be available. Organizations using the [truncated]
CVE-2026-13552 is a SQL injection vulnerability in itsourcecode Online Hotel Management System 1.0. The vulnerability is located in the /admin/mod_amenities/controller.php?action=edit file and can be exploited remotely. The exploit is now public and may be used. The vulnerability has a CVSS score of 5.5 and a severity of MEDIUM. The vendor is Unknown Vendor and the product is itsourcecode Online Hotel Man [truncated]
A SQL injection vulnerability was detected in itsourcecode Baptism Information Management System 1.0. The vulnerability affects an unknown function of the file /editBaptism.php. Manipulation of the argument ID leads to SQL injection. The attack may be performed remotely. The exploit has been disclosed publicly and may be used. Limited information is available about the vendor and product, and the CVE reco [truncated]
A SQL injection vulnerability has been identified in itsourcecode Baptism Information Management System 1.0. The vulnerability is located in the /delbaptism.php file and is caused by improper handling of the ID argument. This allows remote attackers to inject malicious SQL code. The exploit for this vulnerability has been made publicly available and could potentially be used for attacks. The CVSS score fo [truncated]
CVE-2026-13531 is a SQL injection vulnerability in Itsourcecode Hospital Management System 1.0. The vulnerability affects an unknown function of the file /department.php. The manipulation of the argument editid results in SQL injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. This vulnerability has a CVSS score of 2.1 and a severity of LOW.
CVE-2026-13530 is a SQL injection vulnerability in the itsourcecode Hospital Management System 1.0. This vulnerability affects an unknown function of the /appointmentdetail.php file within the Appointment Handler component. The manipulation of the editid argument leads to SQL injection. The attack can be carried out remotely. The exploit is publicly available and may be used. The CVSS score for this vulne [truncated]
CVE-2026-13520 is a SQL injection vulnerability in Itsourcecode Hospital Management System 1.0. The vulnerability affects an unknown function of the file /appointmentapproval.php of the component Appointment Handler. This manipulation of the argument editid causes SQL injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. As of now, no pa [truncated]
CVE-2026-13497 is a SQL injection vulnerability in itsourcecode Hospital Management System 1.0. The vulnerability is located in the /appointment.php file and is caused by the manipulation of the editid argument. This vulnerability allows remote attackers to inject malicious SQL code. The exploit has been publicly disclosed and may be utilized. The CVSS score for this vulnerability is 2.1, indicating a low [truncated]
CVE-2026-13496 is a SQL injection vulnerability in the Hospital Management System 1.0. The affected element is an unknown function of the file /ajaxmedicine.php. The manipulation of the argument medicineid results in SQL injection. This vulnerability can be exploited remotely. The exploit has been made public and could be used. The CVSS score for this vulnerability is 2.1, indicating a low severity.
CVE-2026-13495 is a SQL injection vulnerability in the itsourcecode Hospital Management System 1.0. The vulnerability is located in the /adminprofile.php file and is caused by improper input validation of the loginid argument. This allows an attacker to inject malicious SQL code, potentially leading to unauthorized access to sensitive data. The vulnerability has a CVSS score of 2 and a severity of LOW. Th [truncated]
A SQL injection vulnerability has been discovered in Itsourcecode Hospital Management System 1.0. The vulnerability exists in the /addpatient.php file and is caused by improper sanitization of user input in the admissiontme argument. This vulnerability allows remote attackers to inject malicious SQL code, potentially leading to unauthorized access or modification of sensitive data.
CVE-2026-11513 is a SQL injection vulnerability in itsourcecode Hospital Management System 1.0. The vulnerability affects an unknown function of the file /adminaccount.php. The manipulation of the argument Date results in SQL injection. The attack can be launched remotely. The exploit is now public and may be used. The CVSS score is 2.1, and the severity is LOW.
A low-severity cross site scripting vulnerability has been detected in Itsourcecode Hospital Management System 1.0. This issue affects some unknown processing of the file /billing.php. The manipulation of the argument patientid leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
A SQL injection vulnerability has been detected in Itsourcecode Fees Management System 1.0. The vulnerability affects an unknown functionality of the file /receipt.php. Manipulation of the argument ef_id leads to SQL injection. The attack may be performed remotely. The exploit has been disclosed publicly and may be used.
A weakness has been identified in itsourcecode Fees Management System up to 1.0. Affected is an unknown function of the file /navbar.php. This manipulation of the argument page causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
A SQL injection vulnerability was discovered in Itsourcecode Fees Management System 1.0. The vulnerability affects an unknown function of the file /manage_user.php and can be exploited remotely by manipulating the ID argument. The vulnerability has a CVSS score of 2.1 and is considered low-severity.
A SQL injection vulnerability was identified in Itsourcecode Fees Management System 1.0. The vulnerability affects an unknown function of the file /manage_student.php. The manipulation of the argument ID leads to SQL injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
A SQL injection vulnerability exists in itsourcecode Content Management System 1.0, specifically in the /admin/edit_topic.php file via the topic_id parameter. The vulnerability allows remote attackers with low privileges to manipulate SQL queries. The CVSS 4.0 score of 2.1 (LOW) reflects limited impact scope, though the exploit is publicly available per source assessment. The vendor attribution is derived [truncated]
A SQL injection vulnerability exists in itsourcecode Online House Rental System 1.0, specifically within the /manage_payment.php file. The ID parameter is susceptible to manipulation, allowing remote attackers to inject arbitrary SQL commands. The vulnerability was disclosed publicly on 2026-06-01 and is rated MEDIUM severity with a CVSS score of 5.5. The exploit is publicly available, increasing the risk [truncated]
A SQL injection vulnerability exists in itsourcecode Online House Rental System 1.0, specifically in the /ajax.php?action=login endpoint where the Username parameter is improperly sanitized. The vulnerability allows remote attackers to manipulate SQL queries through crafted input. The issue was published on 2026-06-01 and carries a MEDIUM severity CVSS score of 5.5. Public exploit availability increases i [truncated]
A SQL injection vulnerability exists in itsourcecode Online Blood Bank Management System 1.0, specifically in the /admin/campsdetails.php file via the hospital parameter. The vulnerability allows remote attackers to manipulate SQL queries through crafted input to this parameter. The issue was published on 2026-06-01 with a CVSS 4.0 score of 5.5 (MEDIUM severity). The exploit has been publicly disclosed, i [truncated]
A SQL injection vulnerability exists in itsourcecode Online Blood Bank Management System 1.0, specifically within the /admin/viewrequest.php file. The vulnerability stems from improper sanitization of the 'ID' parameter, allowing remote attackers to manipulate SQL queries. The attack vector is network-based, requires no authentication, and has a low complexity. Public exploit availability increases risk, [truncated]
A SQL injection vulnerability exists in ITSourceCode Courier Management System 1.0, specifically in the `/parcel_list.php` file. The vulnerability allows remote attackers to manipulate the `s` parameter to inject malicious SQL commands. The CVSS 4.0 score of 2.1 (LOW severity) reflects limited privileges required and low impact on confidentiality, integrity, and availability. The exploit has been publicly [truncated]
A SQL injection vulnerability exists in itsourcecode Student Transcript Processing System 1.0, specifically in the /admin/modules/student/trans.php file. The vulnerability allows remote attackers to manipulate the studentId and cid parameters to inject malicious SQL commands. The CVSS 4.0 vector indicates network attack vector with low complexity, no privileges required, and low impacts on confidentiality [truncated]
A cross-site scripting (XSS) vulnerability exists in itsourcecode Electronic Judging System 1.0, specifically within the `/admin/judges.php` file. The `fname` parameter is susceptible to improper input sanitization, allowing remote attackers to inject malicious scripts. The vulnerability has been publicly disclosed with proof-of-concept availability, though exploitation requires user interaction. The CVSS [truncated]
A SQL injection vulnerability exists in itsourcecode Electronic Judging System 1.0, specifically in the /admin/edit_judge.php endpoint where the judge_id parameter is improperly sanitized. The vulnerability allows remote attackers to manipulate database queries through crafted input to this parameter. The issue was disclosed publicly on 2026-05-26 with exploit details available. The CVSS 4.0 vector indica [truncated]
A SQL injection vulnerability exists in the itsourcecode Electronic Judging System 1.0, specifically within the /intrams/admin/login.php endpoint. The Username parameter is susceptible to injection, enabling remote attackers to manipulate database queries. The vulnerability has been publicly disclosed with exploit availability confirmed, though no known ransomware campaign use has been identified. The CVS [truncated]