CVE-2026-9607
Itsourcecode Courier Management System 1.0 contains a SQL injection in /parcel_list.php triggered by manipulating the s argument. This is exploitable remotely over the network with low privileges and no user interaction, per the published CVE details. The connected documents confirm an in-the-wil...