A vulnerability marked as critical has been reported in itsourcecode Hospital Management System 1.0 . Affected by this vulnerability is an unknown functionality of the file /departmentDoctor.php . This manipulation of the argument deptid causes sql injection. The identification of this vulnerability is CVE-2026-13532 . It is possible to initiate the attack remotely. Furthermore, there is an exploit available.