A vulnerability was found in itsourcecode Hospital Management System 1.0. It has been declared as critical. It affects an unknown function of the file /doctorchangepassword.php. Manipulation of the argument newpassword can lead to SQL injection. This vulnerability is tracked as CVE-2026-13541. The attack can be performed remotely. In addition, an exploit is available.