Description
A vulnerability was detected in itsourcecode Fees Management System 1.0. Affected is an unknown function of the file /manage_payment.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
Published: 2026-06-02
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unsanitized argument in the /manage_payment.php file of itsourcecode Fees Management System enables SQL injection. By manipulating the ID parameter, an attacker can construct arbitrary SQL statements, potentially retrieving, modifying, or deleting sensitive payment records. This flaw is exploitable from an external network and has a publicly available exploit.

Affected Systems

The vulnerability affects version 1.0 of the Fees Management System from itsourcecode. The flaw is confined to an unknown function in /manage_payment.php. No other products or versions are indicated.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. No EPSS data is available, and the flaw is not included in the CISA KEV catalog. The attack vector is remote and requires the ability to supply a crafted ID value. The description mentions no privileged access or additional prerequisites, although the CVSS vectors recorded for this entry specify low privileges (PR:L; Au:S in CVSS v2). While the risk is moderate, the potential for data disclosure makes it a concern for systems handling payment information.

Generated by OpenCVE AI on June 2, 2026 at 03:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched release of itsourcecode Fees Management System if one is available.
  • Refactor the /manage_payment.php handling of the ID parameter to use parameterized queries or proper input validation to prevent SQL injection.
  • Restrict external access to the /manage_payment.php endpoint using firewall rules or IP whitelisting to limit exposure to trusted hosts.


Advisories

No advisories yet.

History

Tue, 02 Jun 2026 02:30:00 +0000

Values Added (Values Removed: none listed)

Description: A vulnerability was detected in itsourcecode Fees Management System 1.0. Affected is an unknown function of the file /manage_payment.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
Title: itsourcecode Fees Management System manage_payment.php sql injection
First Time appeared: Itsourcecode; Itsourcecode fees Management System
Weaknesses: CWE-74, CWE-89
CPEs: cpe:2.3:a:itsourcecode:fees_management_system:*:*:*:*:*:*:*:*
Vendors & Products: Itsourcecode; Itsourcecode fees Management System
References:
Metrics:
  cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
  cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-02T02:15:07.788Z

Reserved: 2026-06-01T16:38:22.069Z

Link: CVE-2026-10568

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-02T03:16:16.520

Modified: 2026-06-02T03:16:16.520

Link: CVE-2026-10568

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T03:30:26Z

Weaknesses