A vulnerability labeled as critical has been found in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /department.php. Manipulation of the argument editid results in SQL injection. This vulnerability was named CVE-2026-13531. The attack may be performed remotely. In addition, an exploit is available.
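For triage, the following added example (not code from the vendor or from this advisory) scans web access logs for requests to /department.php whose editid value is not a plain integer. It assumes combined-format access logs and that a legitimate editid is a short decimal record id; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: common/combined log format, request line is the first quoted field.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
TARGET_PATH = "/department.php"  # file named in the advisory
PARAM = "editid"                 # argument named in the advisory
# Assumption: a legitimate editid is a short decimal record id.
VALID_ID = re.compile(r"[0-9]{1,10}")


def suspicious_editid(line):
    """Return (ip, status, decoded_value) when the line is a request to
    TARGET_PATH carrying a non-integer editid, otherwise None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    # endswith() also catches installs under a sub-directory such as /hms/.
    if not url.path.lower().endswith(TARGET_PATH):
        return None
    # parse_qs percent-decodes each value, so %37 is judged as "7".
    for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        if not VALID_ID.fullmatch(value):
            return (m.group("ip"), int(m.group("status")), value)
    return None


def scan(lines):
    """Return all suspicious hits found in an iterable of log lines."""
    return [hit for hit in map(suspicious_editid, lines) if hit]


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /department.php?editid=7 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2026:10:00:02 +0000] "GET /department.php?editid=%37 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [01/Jan/2026:10:00:05 +0000] "GET /department.php?editid=7%27 HTTP/1.1" 500 312',
    '198.51.100.23 - - [01/Jan/2026:10:00:09 +0000] "GET /hms/department.php?editid=abc HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2026:10:01:00 +0000] "GET /doctor.php?editid=x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, status, value in scan(SAMPLE_LOG):
        print(f"{ip} status={status} editid={value!r}")
```

This only sees values carried in the URL; if the application also accepts editid in a request body, those requests need inspection at a WAF or in application logging instead.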