Skip to content
CVSS 7.3 · HIGH

CVE-2026-7077

A vulnerability was identified in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /edit_parcel.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.

Ver en NVD

Análisis

The Courier Management System by itsourcecode is a low-volume script often used for educational purposes or small projects rather than professional infrastructure. While it contains a remote SQL injection vulnerability, its lack of widespread adoption means it does not warrant the attention of the general developer community.

Severidad

Puntaje: 7.3(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Tipo de falla (CWE): CWE-74CWE-89

EPSS

Probabilidad de explotación (próx. 30 días): 0.0004 (0.0%)
Percentil: 11.7%
EPSS: 2026-05-06

Descripción técnica

A vulnerability was identified in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /edit_parcel.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.

Publicada: 27/4/2026, 3:15:59
Última modificación: 29/4/2026, 1:00:01

Referencias

InicioEventosBlogRecursosEquipo