A vulnerability classified as critical has been found in itsourcecode Hospital Management System 1.0 . Impacted is an unknown function of the file /doctortimings.php . The manipulation of the argument editid leads to sql injection. This vulnerability is referenced as CVE-2026-13548 . Remote exploitation of the attack is possible. Furthermore, an exploit is available.