Skip to main content

Courier Management System EUVD-2026-32026

| CVE-2026-9607 LOW
SQL Injection (CWE-89)
2026-05-27 VulDB GHSA-gq47-jjfp-q45r
PHP SQLi
2.1
CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 27, 2026 - 00:27 vuln.today
Severity Changed
May 27, 2026 - 00:22 NVD
MEDIUM LOW
CVSS changed
May 27, 2026 - 00:22 NVD
6.3 (MEDIUM) 2.1 (LOW)

DescriptionNVD

A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcel_list.php. Performing a manipulation of the argument s results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

AnalysisAI

SQL injection in itsourcecode Courier Management System 1.0 allows low-privileged authenticated remote attackers to manipulate backend database queries via the unsanitized 's' parameter in /parcel_list.php. A proof-of-concept exploit is publicly available on GitHub, meaningfully lowering the barrier to exploitation despite the low CVSS 4.0 score of 2.1. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-32026 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy