Description
A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edit_user.php. Manipulation of the argument ID can lead to SQL injection. The attack may be performed remotely. The exploit has been publicly disclosed and may be used.
Published: 2026-05-02
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A specific PHP script in the Courier Management System (edit_user.php) allows an attacker to manipulate the ID argument, enabling SQL injection. The flaw is tied to improper handling of user input, aligning with CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component, "Injection") and CWE-89 (Improper Neutralization of Special Elements used in an SQL Command, "SQL Injection"). Because the input can be injected remotely, an attacker may extract or alter database contents, potentially compromising user data, system integrity, and confidentiality.

Affected Systems

The vulnerable component is part of itsourcecode Courier Management System version 1.0, specifically the edit_user.php endpoint that processes user identification parameters. No other versions or components are currently documented as affected.

Risk and Exploitability

The CVSS score of 5.1 indicates a moderate impact, and no EPSS score is available, though the vulnerability has been publicly disclosed and is known to be exploitable remotely. The flaw can be triggered by sending a crafted request to the ID parameter of edit_user.php, implying a high likelihood of exploitation even by attackers lacking advanced tooling. Because the issue is not listed in CISA KEV, it may be overlooked; however, the existence of public exploits increases the risk. Prompt monitoring and mitigation are recommended.

Generated by OpenCVE AI on May 2, 2026 at 11:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install any available vendor patch or release that fixes the edit_user.php SQL injection.
  • Restrict access to edit_user.php to authenticated and authorized administrative users only, and remove any unnecessary public exposure.
  • Apply strict input validation and use parameterized queries or prepared statements for all SQL operations involving user-supplied ID values.
  • Monitor application logs for suspicious query patterns and enforce web application firewall rules to detect and block SQL injection attempts.


Advisories

No advisories yet.

History

Sat, 02 May 2026 11:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Itsourcecode; Itsourcecode courier Management System
Vendors & Products | | Itsourcecode; Itsourcecode courier Management System

Sat, 02 May 2026 10:15:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edit_user.php. Manipulation of the argument ID can lead to SQL injection. The attack may be performed remotely. The exploit has been publicly disclosed and may be used.
Title | | itsourcecode Courier Management System edit_user.php SQL injection
Weaknesses | | CWE-74; CWE-89
References | |
Metrics | | cvssV2_0: {'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-02T10:00:14.181Z

Reserved: 2026-05-01T12:09:48.571Z

Link: CVE-2026-7612

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-02T10:16:19.820

Modified: 2026-05-02T10:16:19.820

Link: CVE-2026-7612

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T11:30:41Z
