CVE-2026-9607

Description

A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcel_list.php. Performing a manipulation of the argument s results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

References

• https://github.com/ltranquility/cve_submit/issues/19
• https://itsourcecode.com/
• https://vuldb.com/submit/818333
• https://vuldb.com/vuln/365680
• https://vuldb.com/vuln/365680/cti