A vulnerability classified as critical was found in itsourcecode Hospital Management System 1.0 . Affected by this issue is some unknown functionality of the file /patientchangepassword.php . Executing a manipulation of the argument newpassword can lead to sql injection. The identification of this vulnerability is CVE-2026-13579 . The attack may be launched remotely. Furthermore, there is an exploit available.