A vulnerability was found in itsourcecode Hospital Management System 1.0 and classified as critical . The affected element is an unknown function of the file /ajaxmedicine.php . The manipulation of the argument medicineid results in sql injection. This vulnerability is known as CVE-2026-13496 . It is possible to launch the attack remotely. Furthermore, an exploit is available.