Description
A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /manage_course.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Published: 2026-06-01
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Fees Management System 1.0 contains an unsanitized ID parameter in the manage_course.php script, enabling attackers to inject arbitrary SQL statements. This flaw permits data extraction, modification, or deletion of course‑related records, which can compromise confidentiality, integrity, and availability of the institution’s financial information.

Affected Systems

The vulnerability affects itsourcecode’s Fees Management System version 1.0. It is present in the manage_course.php module and is likely to impact any deployment of this legacy system.

Risk and Exploitability

With a CVSS score of 5.3, the flaw carries a moderate severity rating. The EPSS score is not available, but the exploit is openly documented and can be executed remotely without special privileges. The vulnerability is not listed in the CISA KEV catalog, yet its public availability suggests that the risk to organizations still running this software remains significant.

Generated by OpenCVE AI on June 1, 2026 at 23:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Fees Management System to the latest released version or apply the vendor’s approved patch for the manage_course.php SQL injection flaw.
  • If a patch is unavailable, enforce strict input validation on the ID parameter, ensuring only numeric identifiers are accepted and using prepared statements or parameterized queries.
  • Deploy a web application firewall or input sanitization layer to detect and block malicious SQL patterns directed at the application.



Advisories

No advisories yet.

History

Mon, 01 Jun 2026 22:30:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /manage_course.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Title | | itsourcecode Fees Management System manage_course.php sql injection
First Time appeared | | Itsourcecode; Itsourcecode fees Management System
Weaknesses | | CWE-74; CWE-89
CPEs | | cpe:2.3:a:itsourcecode:fees_management_system:*:*:*:*:*:*:*:*
Vendors & Products | | Itsourcecode; Itsourcecode fees Management System
References | |
Metrics | | cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T22:15:09.329Z

Reserved: 2026-05-31T18:00:48.706Z

Link: CVE-2026-10297

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-01T23:16:18.693

Modified: 2026-06-01T23:16:18.693

Link: CVE-2026-10297

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T23:30:12Z

Weaknesses