A vulnerability identified as critical has been detected in itsourcecode Hospital Management System 1.0 . The impacted element is an unknown function of the file /insertbillingrecord.php . The manipulation of the argument patientid leads to sql injection. This vulnerability is traded as CVE-2026-13572 . It is possible to initiate the attack remotely. Furthermore, there is an exploit available.