Description
A flaw has been found in itsourcecode Fees Management System 1.0. The impacted element is an unknown function of the file /manage_fee.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
Published: 2026-06-01
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the manage_fee.php file of itsourcecode Fees Management System version 1.0 allows an attacker to manipulate the ID argument, resulting in a classic SQL injection. The vulnerability can be triggered by forged requests sent from outside the system, leading to arbitrary database queries, data exfiltration, modification, or deletion.

Affected Systems

The vulnerability affects the itsourcecode Fees Management System, specifically the /manage_fee.php component used in version 1.0.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity. EPSS data is not available and the flaw is not yet listed in the CISA KEV catalog, but an exploit has already been published and can be launched remotely, implying that attackers could successfully target environments that expose the affected script. The primary attack vector is remote HTTP requests that include a crafted ID parameter.

Generated by OpenCVE AI on June 2, 2026 at 01:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Fees Management System to a version where the vulnerability has been patched.
  • If an immediate update is not possible, restrict web access to manage_fee.php to trusted administrative users only and enforce strong authentication.
  • Validate the ID parameter to accept only numeric values, and implement parameterized queries or prepared statements to eliminate injection points.
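The numeric-only rule in the last recommendation can also be applied to existing web server logs as a triage check; the following is an added example, not code from OpenCVE or the vendor. It assumes combined-format access logs and that the ID argument arrives in the query string (values sent in a request body do not appear in such logs); the function name, the ten-digit limit and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
TARGET_PATH = "/manage_fee.php"       # path named in the CVE description
PARAM_NAME = "id"                     # compared case-insensitively (the record writes "ID")
NUMERIC_RE = re.compile(r"\d{1,10}")  # assumed shape of a legitimate record id


def non_numeric_id_requests(log_lines):
    """Return (client_ip, decoded_value) for each manage_fee.php request whose
    ID query parameter is not a plain decimal integer."""
    findings = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        url = urlsplit(match.group("target"))
        if not url.path.lower().endswith(TARGET_PATH):
            continue
        # parse_qsl percent-decodes, so encoded values are checked in decoded form
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() == PARAM_NAME and not NUMERIC_RE.fullmatch(value):
                findings.append((line.split(" ", 1)[0], value))
    return findings


# Constructed sample log lines (documentation IP ranges, not from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Jun/2026:09:00:01 +0000] "GET /manage_fee.php?id=12 HTTP/1.1" 200 512',
    '198.51.100.7 - - [02/Jun/2026:09:00:05 +0000] "GET /manage_fee.php?ID=12%27 HTTP/1.1" 200 2048',
    '192.0.2.10 - - [02/Jun/2026:09:00:09 +0000] "GET /index.php?id=abc HTTP/1.1" 200 128',
    '203.0.113.4 - - [02/Jun/2026:09:00:12 +0000] "GET /fees/manage_fee.php?id= HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for ip, value in non_numeric_id_requests(SAMPLE_LOG):
        print(f"{ip}\tID={value!r}")
```

A hit is a lead for review rather than proof of exploitation, since the same rule also flags empty or malformed values produced by broken clients.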

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 00:00:00 +0000

Type Values Removed Values Added
Description: A flaw has been found in itsourcecode Fees Management System 1.0. The impacted element is an unknown function of the file /manage_fee.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
Title: itsourcecode Fees Management System manage_fee.php sql injection
First Time appeared: Itsourcecode; Itsourcecode fees Management System
Weaknesses: CWE-74, CWE-89
CPEs: cpe:2.3:a:itsourcecode:fees_management_system:*:*:*:*:*:*:*:*
Vendors & Products: Itsourcecode; Itsourcecode fees Management System
References:
Metrics:
cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T23:30:09.102Z

Reserved: 2026-05-31T18:12:59.481Z

Link: CVE-2026-10302

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-02T00:16:36.633

Modified: 2026-06-02T00:16:36.633

Link: CVE-2026-10302

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T01:45:25Z

Weaknesses