Is there a public PoC exploit available for CVE-2026-7077?

Yes, a public proof-of-concept exploit is available for CVE-2026-7077. Prioritise patching immediately. EPSS: 0.0%.

itsourcecode Courier Management System CVE-2026-7077

Q: What is the CVSS score of CVE-2026-7077?

CVE-2026-7077 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-25759 MEDIUM

SQL Injection (CWE-89)

2026-04-27 VulDB

PHP SQLi

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:12 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

PoC Detected

Apr 29, 2026 - 01:00 vuln.today

Public exploit code

Analysis Generated

Apr 27, 2026 - 03:30 vuln.today

Severity Changed

Apr 27, 2026 - 03:22 NVD

HIGH MEDIUM

CVSS changed

Apr 27, 2026 - 03:22 NVD

7.3 (HIGH) 6.9 (MEDIUM)

EUVD ID Assigned

Apr 27, 2026 - 03:00 euvd

EUVD-2026-25759

Analysis Generated

Apr 27, 2026 - 03:00 vuln.today

CVE Published

Apr 27, 2026 - 02:00 nvd

MEDIUM 5.5

DescriptionNVD

A vulnerability was identified in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /edit_parcel.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.

AnalysisAI

SQL injection in itsourcecode Courier Management System 1.0 via the ID parameter in /edit_parcel.php allows remote unauthenticated attackers to query, modify, or delete database contents. The CVSS 6.9 score reflects low confidentiality and integrity impact; however, the vulnerability is remotely exploitable with no authentication required and publicly available exploit code exists, making it a practical attack vector against exposed instances.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7077 vulnerability details – vuln.today

Back

itsourcecode Courier Management System CVE-2026-7077

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Share

itsourcecode Courier Management System CVE-2026-7077

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code