Which versions of Courier Management System are affected by CVE-2026-9606?

itsourcecode Courier Management System 1.0 contains an unauthenticated SQL injection vulnerability in the user management interface that enables remote attackers to directly manipulate backend…

Is there a public PoC exploit available for CVE-2026-9606?

Yes, a public proof-of-concept exploit is available for CVE-2026-9606. Prioritise patching immediately. EPSS: 0.0%.

Courier Management System CVE-2026-9606

Q: What is the CVSS score of CVE-2026-9606?

CVE-2026-9606 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

MEDIUM

SQL Injection (CWE-89)

2026-05-26 VulDB

PHP SQLi

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

May 27, 2026 - 00:22 NVD

HIGH MEDIUM

CVSS changed

May 27, 2026 - 00:22 NVD

7.3 (HIGH) 5.5 (MEDIUM)

Analysis Generated

May 27, 2026 - 00:00 vuln.today

DescriptionNVD

A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /manage_user.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

AnalysisAI

SQL injection in itsourcecode Courier Management System 1.0 lets remote attackers manipulate the 'ID' parameter of /manage_user.php to inject arbitrary SQL into backend database queries. Per the CVSS vector (PR:N) no authentication is required, and publicly available exploit code exists, though the flaw is not listed in CISA KEV and carries only low (C:L/I:L/A:L) per-impact ratings.

RemediationAI

Within 24 hours: Identify all systems running itsourcecode Courier Management System 1.0 and isolate from untrusted networks; establish monitoring for SQL injection attempts. Within 7 days: Deploy Web Application Firewall rules to block SQL injection patterns targeting /manage_user.php and implement strict input validation controls. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-9606 vulnerability details – vuln.today

Back

Courier Management System CVE-2026-9606

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Courier Management System CVE-2026-9606

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code