CVE Catalog

CVE-2026-9606

High
Published: Translated: NVD NIST

Summary

A vulnerability has been found in itsourcecode Courier Management System version 1.0, affecting an unknown function in the file /manage_user.php. Manipulation of the argument ID leads to SQL injection, which can be performed remotely.

Risk Assessment

An attacker could exploit this vulnerability to conduct SQL injection attacks, potentially leading to unauthorized access to the database and data leakage.

Recommendation

It is recommended to update the system to the latest version and implement input filtering and validation to prevent SQL injection.

Original NVD description (English source)

A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /manage_user.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS