Description
A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/update_ss_img.php. The manipulation of the argument topic_id results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Published: 2026-06-01
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in itsourcecode Content Management System 1.0 allows a remote attacker to manipulate the topic_id parameter in /admin/update_ss_img.php, resulting in SQL injection. The injection can be exploited over the network and the exploit code has been released publicly, exposing the system to data compromise or modification.

Affected Systems

The affected product is itsourcecode Content Management System, version 1.0. The vulnerability targets the /admin/update_ss_img.php script. No additional version details are provided.

Risk and Exploitability

The CVSS v4.0 score is 5.3 (Medium). Because the exploit is already publicly available and can be triggered remotely, the risk is elevated even though an EPSS score is not reported. The vulnerability is not listed in CISA's KEV catalog and the attack vector is inferred to be remote network access to the CMS admin interface. The stored and reflected nature of the injection could allow broader compromise if the attacker gains persistent access.

Generated by OpenCVE AI on June 1, 2026 at 14:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch that fixes the update_ss_img.php SQL injection or upgrade to a newer CMS version if available.
  • Restrict external access to the CMS administration panel using firewall rules or a web application firewall to limit exposure.
  • Ensure that all input parameters, especially topic_id, are properly validated and sanitized before being used in SQL statements.
  • Monitor and review application logs for irregular SQL queries or exploit attempts.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 13:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/update_ss_img.php. The manipulation of the argument topic_id results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. |
| Title | | itsourcecode Content Management System update_ss_img.php sql injection |
| First Time appeared | | Itsourcecode; Itsourcecode content Management System |
| Weaknesses | | CWE-74; CWE-89 |
| CPEs | | `cpe:2.3:a:itsourcecode:content_management_system:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Itsourcecode; Itsourcecode content Management System |
| References | | |
| Metrics | | cvssV2_0: `{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` |
| | | cvssV3_0: `{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` |
| | | cvssV3_1: `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` |
| | | cvssV4_0: `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}` |

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T12:30:10.876Z

Reserved: 2026-05-31T12:36:59.048Z

Link: CVE-2026-10257

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-06-01T13:16:30.027

Modified: 2026-06-01T15:15:37.293

Link: CVE-2026-10257

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T14:45:26Z

Weaknesses