Medium severity4.7NVD Advisory· Published May 2, 2026· Updated May 5, 2026
CVE-2026-7612
CVE-2026-7612
Description
A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edit_user.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5News mentions
30- Here’s how the FTC plans to enforce the Take It Down ActCyberScoop · May 15, 2026
- Microsoft to automatically roll back faulty Windows driversBleepingComputer · May 15, 2026
- TeamPCP hackers advertise Mistral AI code repos for saleBleepingComputer · May 14, 2026
- ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ StoriesThe Hacker News · May 14, 2026
- US bank reports itself after slinging customer data at 'unauthorized AI app'The Register Security · May 12, 2026
- GM agrees to $12.75M California settlement over sale of drivers’ dataBleepingComputer · May 11, 2026
- Why we use CAPTCHAs, (Mon, May 11th)SANS Internet Storm Center · May 11, 2026
- Canvas System Is Online After a Cyberattack Disrupted Thousands of SchoolsSecurityWeek · May 11, 2026
- ShinyHunters Claims Second Attack Against InstructureDark Reading · May 8, 2026
- Cyberattack Hits Canvas System Used by Thousands of Schools as Finals LoomSecurityWeek · May 8, 2026
- The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now OpenThe Hacker News · May 6, 2026
- Attackers Actively Exploiting Critical Vulnerability in Breeze Cache PluginWordfence Blog · May 5, 2026
- FTC to ban data broker Kochava from selling Americans’ location dataBleepingComputer · May 5, 2026
- They don’t hack, they borrow: How fraudsters target credit unionsBleepingComputer · May 4, 2026
- Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for monthsHelp Net Security · May 3, 2026
- 30,000 Facebook Accounts Hacked via Google AppSheet Phishing CampaignThe Hacker News · May 1, 2026
- Name That Toon: Mark of (Security) ProgressDark Reading · May 1, 2026
- Danger of Libredtail [Guest Diary], (Wed, Apr 29th)SANS Internet Storm Center · Apr 30, 2026
- DPRK Fake Job Scams Self-Propagate in 'Contagious Interview'Dark Reading · Apr 22, 2026
- Kyber Ransomware Double Trouble: Windows and ESXi Attacks ExplainedRapid7 Blog · Apr 21, 2026
- Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)Unit 42 · Apr 17, 2026
- Introducing the Agent Readiness score. Is your site agent-ready?Cloudflare Blog · Apr 17, 2026
- A Deep Dive Into Attempted Exploitation of CVE-2023-33538Unit 42 · Apr 16, 2026
- Attackers Actively Exploiting Critical Vulnerability in Ninja Forms – File Upload PluginWordfence Blog · Apr 16, 2026
- Attackers Actively Exploiting Critical Vulnerability in Kali Forms PluginWordfence Blog · Apr 13, 2026
- OpenAI Expands Bug Bounty to Cover AI Abuse and 'Safety' ConcernsInfosecurity Magazine · Mar 26, 2026
- CISA Issues Emergency Directive Over Exploited Cisco SD-WAN FlawsInfosecurity Magazine · Mar 12, 2026
- SenseLive X3050CISA Alerts
- FIRESTARTER BackdoorCISA Alerts
- Siemens SIMATICCISA Alerts