CVE-2026-10257
Description
SQL injection in itsourcecode Content Management System 1.0 via topic_id parameter in /admin/update_ss_img.php allows remote unauthenticated attackers to execute arbitrary SQL queries.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A SQL injection vulnerability exists in itsourcecode Content Management System version 1.0 in the file /admin/update_ss_img.php. The topic_id parameter is not sanitized before being used in SQL queries, allowing an attacker to inject malicious SQL statements. The vulnerability is remotely exploitable without authentication [2].
Exploitation
An attacker can exploit this vulnerability by sending a crafted GET request to /admin/update_ss_img.php with a malicious payload in the topic_id parameter. No prior authentication is required. The provided proof-of-concept demonstrates a UNION-based SQL injection that extracts data from the database [2].
Impact
Successful exploitation allows an attacker to execute arbitrary SQL queries, leading to unauthorized access to the database, sensitive data leakage, data tampering, and potentially full system compromise [2].
Mitigation
No official patch or updated version has been released by the vendor. As a workaround, administrators should restrict access to the /admin/ directory via server configuration or implement input sanitization for the topic_id parameter until a fix is available [2].
AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =1.0
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing input sanitization on the topic_id parameter in /admin/update_ss_img.php allows SQL injection."
Attack vector
An attacker with valid login credentials sends a crafted GET request to `/admin/update_ss_img.php` with a malicious `topic_id` parameter. The application fails to sanitize or validate this input before using it in SQL queries, enabling UNION-based SQL injection [ref_id=1]. The attack is remotely exploitable over the network with low complexity and does not require authentication beyond a valid session cookie [ref_id=1].
Affected code
The vulnerability resides in `/admin/update_ss_img.php` of itsourcecode Content Management System V1.0. The `topic_id` GET parameter is passed unsanitized into a SQL query, allowing an authenticated attacker to inject arbitrary SQL [ref_id=1].
What the fix does
The advisory recommends using prepared statements and parameter binding to separate SQL code from user data, strict input validation (e.g., ensuring topic_id matches a numeric pattern), minimizing database user permissions, and conducting regular security audits [ref_id=1]. No patch has been published by the vendor.
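The pattern the advisory recommends, as an added example that is not the CMS's own code: a PHP handler for a numeric GET parameter such as `topic_id` that allowlists the value, binds it in a prepared statement, and refuses to touch the database without an admin session. The table and column names, the session key, and the connection details are assumptions.

```php
<?php
// Added example (not itsourcecode CMS code). Hardened handling of a numeric
// GET parameter, following the advisory's recommendations.

// Make mysqli throw on errors so a failed prepare() cannot be silently ignored.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function validateTopicId(?string $raw): int
{
    // Strict allowlist: only an unsigned integer of sane length is accepted.
    // Quotes, UNION, comment markers and whitespace never reach the SQL layer.
    if ($raw === null || !preg_match('/^[1-9][0-9]{0,9}$/', $raw)) {
        http_response_code(400);
        exit('Invalid topic_id');
    }
    return (int) $raw;
}

function updateSlideshowImage(mysqli $db, int $topicId, string $imagePath): bool
{
    // Prepared statement: the query text is fixed and values are bound
    // separately, so user data cannot change the statement's structure.
    // Table/column names are assumed for this example.
    $stmt = $db->prepare('UPDATE topics SET ss_img = ? WHERE topic_id = ?');
    $stmt->bind_param('si', $imagePath, $topicId);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Defense in depth: an admin endpoint should verify the session itself,
// independent of any web-server ACL placed on /admin/.
session_start();
if (empty($_SESSION['admin_id'])) {   // session key is an assumption
    http_response_code(403);
    exit('Forbidden');
}

// Connect as a least-privilege user (UPDATE on the one table only).
// Credentials are placeholders.
$db = new mysqli('localhost', 'cms_app', 'REPLACE_ME', 'cms');
$db->set_charset('utf8mb4');

$topicId   = validateTopicId($_GET['topic_id'] ?? null);
$imagePath = basename($_POST['ss_img'] ?? '');   // second bound value, also constrained
updateSlideshowImage($db, $topicId, $imagePath);
```

Casting to `int` after the regex check means the bound parameter is a number even if the prepared statement were ever replaced, so the two controls do not depend on each other.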
Preconditions
- auth: Attacker must have valid login credentials and a session cookie (e.g., PHPSESSID) to access the admin endpoint.
- network: Attacker must be able to send HTTP GET requests to the vulnerable /admin/update_ss_img.php endpoint.
- input: The topic_id parameter is user-controlled and not sanitized before use in SQL queries.
Reproduction
Send a GET request to `/admin/update_ss_img.php?topic_id=1' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x716a6b6271,0x5a694e46456d73517146734a796f55775a4d716943776c6c414e7278705676674f6a775369487250,0x7171767071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -` with a valid session cookie. The server returns a UNION query result, confirming SQL injection [ref_id=1].
Generated on Jun 1, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (6)
News mentions (0)
No linked articles in our index yet.