Description
A security vulnerability has been detected in itsourcecode Baptism Information Management System 1.0. This affects an unknown function of the file /editBaptism.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
Published: 2026-06-29
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a SQL injection flaw in the /editBaptism.php file of itsourcecode Baptism Information Management System 1.0. By manipulating the ID argument, an attacker can inject arbitrary SQL queries, allowing unauthorized data modification, reading, or deletion and compromising the integrity and confidentiality of baptism records.

Affected Systems

The affected system is the itsourcecode Baptism Information Management System, version 1.0.

Risk and Exploitability

The CVSS score is 6.9, indicating moderate severity. EPSS is not available and the vulnerability is not listed in the CISA KEV catalog. The attack can be performed remotely, probably without authentication, and could be leveraged by a public adversary who can access the web interface to manipulate the ID parameter.

Generated by OpenCVE AI on June 29, 2026 at 09:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor's website or support channels for a published patch or newer version that addresses the SQL injection vulnerability.
  • If a patch or upgrade is available, apply it immediately to the Baptism Information Management System.
  • Adjust the code or configuration of editBaptism.php to enforce strict input validation and use parameterized queries for the ID field, preventing arbitrary SQL execution.
  • Configure web application firewalls or intrusion detection systems to flag and block suspicious SQL injection attempts on the editBaptism.php endpoint.

Generated by OpenCVE AI on June 29, 2026 at 09:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 29 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in itsourcecode Baptism Information Management System 1.0. This affects an unknown function of the file /editBaptism.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
Title itsourcecode Baptism Information Management System editBaptism.php sql injection
First Time appeared Itsourcecode
Itsourcecode baptism Information Management System
Weaknesses CWE-74
CWE-89
CPEs cpe:2.3:a:itsourcecode:baptism_information_management_system:*:*:*:*:*:*:*:*
Vendors & Products Itsourcecode
Itsourcecode baptism Information Management System
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Itsourcecode Baptism Information Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-29T14:52:28.374Z

Reserved: 2026-06-28T11:03:54.322Z

Link: CVE-2026-13551

cve-icon Vulnrichment

Updated: 2026-06-29T13:36:35.274Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T13:15:03Z

Weaknesses
  • CWE-74

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')