Description
A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /print_pdets.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
Published: 2026-05-05
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to inject arbitrary SQL statements via the 'ids' parameter in the /print_pdets.php page of itsourcecode Courier Management System 1.0. This can be triggered remotely without authentication. The CVE description does not specify the exact extent of data manipulation, but arbitrary SQL execution could potentially expose, alter, or disrupt the underlying data, thereby affecting confidentiality, integrity, or availability of the system’s data.

Affected Systems

itsourcecode Courier Management System 1.0, specifically the /print_pdets.php endpoint.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. The exploit is publicly available and can be launched over the network by sending crafted 'ids' values. EPSS is not available and the vulnerability is not listed in the CISA KEV catalog. Attackers may target the endpoint from any host that can reach the web application, potentially executing arbitrary SQL.

Generated by OpenCVE AI on May 5, 2026 at 06:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch or upgrade to the latest release of itsourcecode Courier Management System that fixes the SQL injection flaw.
  • Implement input validation for the 'ids' parameter, ensuring only numeric values are accepted, and use prepared statements or parameterized queries to construct database queries.
  • Restrict access to the /print_pdets.php endpoint by enforcing authentication and, if possible, limiting requests to known administrators or specific IP ranges.
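The second recommendation above, as an added example (not code from itsourcecode or from this advisory). It assumes `ids` is a comma-separated list of numeric IDs and uses a hypothetical `parcels` table with constructed rows in an in-memory SQLite database so it runs offline:

```php
<?php
// Added example: allow-list validation plus a parameterized query for `ids`.
// Table/column names and the comma-separated format are assumptions.
declare(strict_types=1);

/** Return a list of integers, or throw if any element is not purely digits. */
function parse_ids(string $raw, int $max = 100): array
{
    $parts = explode(',', $raw);
    if (count($parts) > $max) {
        throw new InvalidArgumentException('too many ids');
    }
    $ids = [];
    foreach ($parts as $p) {
        $p = trim($p);
        // ctype_digit rejects signs, quotes, letters and the empty string;
        // the length cap keeps the value inside a 32-bit integer.
        if (!ctype_digit($p) || strlen($p) > 9) {
            throw new InvalidArgumentException('ids must be numeric');
        }
        $ids[] = (int) $p;
    }
    return $ids;
}

function fetch_parcels(PDO $pdo, array $ids): array
{
    // One "?" per id: the values are bound, never concatenated into the SQL.
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $pdo->prepare("SELECT id, reference FROM parcels WHERE id IN ($marks)");
    $stmt->execute($ids);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE parcels (id INTEGER PRIMARY KEY, reference TEXT)');
$pdo->exec("INSERT INTO parcels VALUES (1,'REF-A'),(2,'REF-B'),(3,'REF-C')");

foreach (['1,3', '1,abc', "2'"] as $raw) {   // constructed inputs
    try {
        $rows = fetch_parcels($pdo, parse_ids($raw));
        echo "$raw => " . count($rows) . " row(s)\n";
    } catch (InvalidArgumentException $e) {
        // A web handler would answer HTTP 400 here instead of querying.
        echo "$raw => rejected: " . $e->getMessage() . "\n";
    }
}
```

Validation and binding are independent layers: the query stays safe even if the validator is later loosened, because the SQL text never contains request data.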



Advisories

No advisories yet.

History

Tue, 05 May 2026 06:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Itsourcecode, Itsourcecode courier Management System
Vendors & Products | | Itsourcecode, Itsourcecode courier Management System

Tue, 05 May 2026 05:15:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /print_pdets.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
Title | | itsourcecode Courier Management System print_pdets.php sql injection
Weaknesses | | CWE-74, CWE-89
References | |
Metrics | | cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-05T04:30:13.126Z

Reserved: 2026-05-04T22:12:20.927Z

Link: CVE-2026-7822

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-05T05:16:00.907

Modified: 2026-05-05T05:16:00.907

Link: CVE-2026-7822

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-05T07:00:07Z
