A vulnerability was found in itsourcecode Hospital Management System 1.0 . It has been classified as critical . The impacted element is an unknown function of the file /appointment.php . This manipulation of the argument editid causes sql injection. This vulnerability is handled as CVE-2026-13497 . The attack can be initiated remotely. Additionally, an exploit exists.