PatchSiren cyber security CVE debrief
CVE-2026-10811 itsourcecode CVE debrief
A SQL injection vulnerability has been detected in Itsourcecode Fees Management System 1.0. The vulnerability affects an unknown functionality of the file /receipt.php. Manipulation of the argument ef_id leads to SQL injection. The attack may be performed remotely. The exploit has been disclosed publicly and may be used.
- Vendor: itsourcecode
- Product: Fees Management System
- CVSS: LOW 2.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-04
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-04
Who should care
Users of Itsourcecode Fees Management System 1.0
Technical summary
The vulnerability has a CVSS score of 2.1 and a CVSS severity of LOW. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
Low
Recommended defensive actions
- Apply patches or updates to fix the SQL injection vulnerability in /receipt.php.
- Restrict access to the /receipt.php file to prevent remote exploitation.
- Monitor the system for suspicious activity related to SQL injection attacks.
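One way to carry out the monitoring step, as an added example that is not part of the advisory or the vendor's code: a scan of web access logs for requests to /receipt.php whose ef_id value is not a plain integer. It assumes ef_id is a numeric record key passed in the query string and that the server writes combined-format access logs; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [04/Jun/2026:10:01:02 +0000] "GET /receipt.php?ef_id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [04/Jun/2026:10:01:09 +0000] "GET /index.php?page=2 HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.7 - - [04/Jun/2026:10:02:30 +0000] "GET /receipt.php?ef_id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9876 "-" "curl/8.5.0"
198.51.100.7 - - [04/Jun/2026:10:02:31 +0000] "GET /receipt.php?ef_id=42&ef_id=7%20UNION%20SELECT%201 HTTP/1.1" 500 312 "-" "curl/8.5.0"
192.0.2.55 - - [04/Jun/2026:10:03:00 +0000] "GET /receipt.php HTTP/1.1" 200 840 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumption: a legitimate ef_id is a short decimal integer.
NUMERIC_ID = re.compile(r"\d{1,10}")


def suspicious_receipt_requests(log_text, path="/receipt.php", param="ef_id"):
    """Return one finding per request to `path` whose `param` looks tampered with."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        url = urlsplit(m["target"])
        if url.path != path:
            continue
        # parse_qs percent-decodes, so encoded quotes and spaces are seen as-is.
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        reasons = []
        if len(values) > 1:
            reasons.append("repeated parameter")
        if any(not NUMERIC_ID.fullmatch(v) for v in values):
            reasons.append("non-numeric value")
        if reasons:
            findings.append({"ip": m["ip"], "time": m["ts"],
                             "status": int(m["status"]),
                             "values": values, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in suspicious_receipt_requests(SAMPLE_LOG):
        print(finding)
```

Access logs normally record only the request line, so a value submitted in a POST body would need application or WAF logging to be visible to a check like this.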
Evidence notes
The vulnerability was detected in Itsourcecode Fees Management System 1.0. The vendor is listed as Unknown Vendor.
Official resources
Publicly disclosed