Description
A weakness has been identified in itsourcecode Content Management System 1.0. Impacted is an unknown function of the file /admin/add_sub_topic.php. This manipulation of the argument topic_id causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
Published: 2026-06-01
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the add_sub_topic.php file of the itsourcecode Content Management System, where manipulation of the topic_id parameter allows execution of arbitrary SQL queries. This flaw is classified as CWE‑74 and CWE‑89, indicating improper escaping and typical SQL injection weaknesses. The impact is the potential for an attacker to read, modify, or delete data from the database, compromising confidentiality and integrity of the site’s content.

Affected Systems

Affected systems include the itsourcecode Content Management System version 1.0. The vulnerability occurs in the /admin/add_sub_topic.php file, which is part of the core administration interface. No additional version or build information is listed beyond the baseline 1.0 release.

Risk and Exploitability

The CVSS score of 5.3 reflects a moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is remote, and a publicly available exploit has already been released, increasing the likelihood that attackers could target vulnerable installations before a patch is applied.

Generated by OpenCVE AI on June 1, 2026 at 14:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor’s website or support channels for an official patch or newer release of itsourcecode Content Management System that removes the vulnerable code.
  • Apply comprehensive input validation or parameterized queries to sanitize the topic_id value before it is inserted into SQL statements.
  • Deploy a web‑application firewall or intrusion detection system configured to block common SQL injection payloads targeting the /admin/add_sub_topic.php endpoint.
  • After patching or applying the mitigations, perform a vulnerability scan or penetration test to confirm that the flaw has been addressed.

Generated by OpenCVE AI on June 1, 2026 at 14:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 13:00:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in itsourcecode Content Management System 1.0. Impacted is an unknown function of the file /admin/add_sub_topic.php. This manipulation of the argument topic_id causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
Title itsourcecode Content Management System add_sub_topic.php sql injection
First Time appeared Itsourcecode
Itsourcecode content Management System
Weaknesses CWE-74
CWE-89
CPEs cpe:2.3:a:itsourcecode:content_management_system:*:*:*:*:*:*:*:*
Vendors & Products Itsourcecode
Itsourcecode content Management System
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Itsourcecode Content Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T12:45:08.225Z

Reserved: 2026-05-31T12:37:01.690Z

Link: CVE-2026-10258

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-06-01T13:16:30.183

Modified: 2026-06-01T15:15:37.293

Link: CVE-2026-10258

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T15:15:30Z

Weaknesses