PatchSiren cyber security CVE debrief
CVE-2026-10809 itsourcecode CVE debrief
A SQL injection vulnerability was discovered in Itsourcecode Fees Management System 1.0. The vulnerability affects an unknown function of the file /manage_user.php and can be exploited remotely by manipulating the ID argument. The vulnerability has a CVSS score of 2.1 and is considered low-severity.
- Vendor: itsourcecode
- Product: Fees Management System
- CVSS: LOW 2.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-04
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-04
Who should care
Users of Itsourcecode Fees Management System 1.0 should apply patches or mitigations to prevent exploitation of this vulnerability.
Technical summary
The vulnerability is caused by a lack of input validation in the ID argument of the /manage_user.php file, allowing an attacker to inject malicious SQL code. The vulnerability can be exploited remotely and has a CVSS score of 2.1.
Defensive priority
Low
Recommended defensive actions
- Apply patches or updates to Itsourcecode Fees Management System 1.0 to fix the SQL injection vulnerability.
- Use prepared statements or parameterized queries to prevent SQL injection attacks.
- Validate and sanitize user input to prevent malicious SQL code injection.
Evidence notes
The vulnerability was discovered in Itsourcecode Fees Management System 1.0 and affects the /manage_user.php file. The CVSS score is 2.1, indicating a low-severity vulnerability.
Official resources
CVE-2026-10809 was published on 2026-06-04T14:16:37.203Z and modified on 2026-06-04T14:41:25.017Z.