Skip to main content

Baptism Information Management System

2 CVEs product

Monthly

CVE-2026-13551 MEDIUM POC This Month

SQL injection in itsourcecode Baptism Information Management System 1.0 exposes database contents to remote unauthenticated attackers via the ID parameter in /editBaptism.php. A publicly available proof-of-concept exploit exists on GitHub, enabling data exfiltration or modification without any credentials or user interaction. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/E:P) confirms low-complexity remote exploitation with no special conditions required, and no vendor-released patch has been identified.

SQLi PHP Baptism Information Management System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-13550 MEDIUM POC This Month

SQL injection in itsourcecode Baptism Information Management System 1.0 exposes the `/delbaptism.php` endpoint to remote database manipulation via an unsanitized `ID` parameter. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) confirms this requires no authentication or user interaction against any network-accessible instance. A public proof-of-concept exploit exists on GitHub, making this immediately weaponizable against any exposed deployment, though the application is not listed in CISA KEV and its niche footprint substantially limits aggregate exposure.

SQLi PHP Baptism Information Management System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in itsourcecode Baptism Information Management System 1.0 exposes database contents to remote unauthenticated attackers via the ID parameter in /editBaptism.php. A publicly available proof-of-concept exploit exists on GitHub, enabling data exfiltration or modification without any credentials or user interaction. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/E:P) confirms low-complexity remote exploitation with no special conditions required, and no vendor-released patch has been identified.

SQLi PHP Baptism Information Management System
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in itsourcecode Baptism Information Management System 1.0 exposes the `/delbaptism.php` endpoint to remote database manipulation via an unsanitized `ID` parameter. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) confirms this requires no authentication or user interaction against any network-accessible instance. A public proof-of-concept exploit exists on GitHub, making this immediately weaponizable against any exposed deployment, though the application is not listed in CISA KEV and its niche footprint substantially limits aggregate exposure.

SQLi PHP Baptism Information Management System
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy