Medium severity6.3NVD Advisory· Published May 27, 2026· Updated May 28, 2026
CVE-2026-9607
CVE-2026-9607
Description
A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcel_list.php. Performing a manipulation of the argument s results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: =1.0
Patches
Vulnerability mechanics
References
5News mentions
1- Itsourcecode: 10 SQLi and XSS Flaws Disclosed Across Three PHP ApplicationsVypr Intelligence · May 27, 2026