CVE-2026-9607

itsourcecode Courier Management System parcel_list.php sql injection

CVSS 5.3 MEDIUMEPSS 0.2%CWE-74 CWE-89

A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcel_list.php. Performing a manipulation of the argument s results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Affected products

itsourcecode · Courier Management System

public PoCs found — 1

cve_referencegithub.com/ltranquility/cve_submit/issues/19unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/ltranquility/cve_submit/issues/19 https://itsourcecode.com/https://vuldb.com/submit/818333 https://vuldb.com/vuln/365680 https://vuldb.com/vuln/365680/cti