CVE-2026-7077: itsourcecode Courier Management System SQLi Exploited

The National Vulnerability Database has identified CVE-2026-7077, a high-severity SQL injection vulnerability impacting itsourcecode Courier Management System 1.0. The flaw resides in an unknown function within the /edit_parcel.php file, where manipulating the ID argument allows for remote SQL injection. This isn’t a theoretical issue; an exploit is publicly available and actively being used in the wild.

This vulnerability carries a CVSSv3.1 score of 7.3 (HIGH), with a vector of AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L. This means an unauthenticated attacker can exploit it over the network with low complexity, without user interaction, to achieve partial confidentiality, integrity, and availability impacts. The National Vulnerability Database highlights CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) and CWE-89 (Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)) as the underlying weaknesses.

For defenders, this is a critical alert. Any organization using itsourcecode Courier Management System 1.0 is directly exposed. The public availability of an exploit drastically lowers the bar for attackers, making this an immediate threat. Attackers will leverage this to gain unauthorized access to sensitive parcel data, manipulate records, or potentially compromise the underlying database server.

What This Means For You

  • If your organization uses itsourcecode Courier Management System 1.0, you are vulnerable to CVE-2026-7077. Patch or mitigate this immediately. Audit your logs for any suspicious activity related to `/edit_parcel.php` and SQL errors. Assume compromise if you're running this software unpatched.
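The log audit recommended above can be scripted. The following is an added example, not code from the original page or from the vendor. It assumes Apache/nginx combined-format access logs and that legitimate parcel IDs are purely numeric; the function name `suspicious_requests` and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" format: client, timestamp, request line, status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
TARGET_PATH = "/edit_parcel.php"  # vulnerable file named in the advisory
PARAM = "id"                      # vulnerable argument, compared case-insensitively
NUMERIC = re.compile(r"[0-9]+")   # assumption: legitimate parcel IDs are plain integers


def suspicious_requests(lines):
    """Return (ip, timestamp, status, decoded_value) for every request to
    edit_parcel.php whose ID value is not a plain integer."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m["target"])
        if not url.path.lower().endswith(TARGET_PATH):
            continue
        # parse_qs percent-decodes and turns '+' into a space, so encoded
        # input is inspected in the form the application received it.
        params = parse_qs(url.query, keep_blank_values=True)
        for name, values in params.items():
            if name.lower() != PARAM:
                continue
            for value in values:
                if not NUMERIC.fullmatch(value):
                    hits.append((m["ip"], m["ts"], int(m["status"]), value))
    return hits


# Constructed sample lines (documentation address ranges, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Apr/2026:06:20:01 +0000] "GET /edit_parcel.php?ID=14 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Apr/2026:06:21:44 +0000] "GET /edit_parcel.php?ID=14%20OR%201%3D1 HTTP/1.1" 200 9874 "-" "curl/8.5.0"',
    '198.51.100.7 - - [27/Apr/2026:06:22:03 +0000] "GET /cms/edit_parcel.php?id=1+UNION+SELECT+1 HTTP/1.1" 500 312 "-" "curl/8.5.0"',
    '203.0.113.5 - - [27/Apr/2026:06:25:10 +0000] "GET /index.php?page=parcel_list HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {ip} status={status} ID={value!r}")
```

Because the value is decoded before it is checked, this also surfaces requests that literal string matches on the raw query string would miss. Hits that returned a 500 status are worth correlating with database error logs from the same timestamps.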

🛡️ Detection Rules

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.

Level: critical · ATT&CK: T1190 · Tactic: Initial Access

CVE-2026-7077: itsourcecode Courier Management SQLi via edit_parcel.php

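Sigma YAML:

```yaml
title: 'CVE-2026-7077: itsourcecode Courier Management SQLi via edit_parcel.php'
id: scw-2026-04-27-ai-1
status: experimental
level: critical
description: |
  Detects exploitation attempts against itsourcecode Courier Management System 1.0 via the edit_parcel.php file. The 'ID' parameter is manipulated to inject SQL commands, as indicated by common SQLi patterns like 'OR 1=1' or 'UNION SELECT'.
author: SCW Feed Engine (AI-generated)
date: 2026-04-27
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7077/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  # Request targets the vulnerable script
  selection_path:
    cs-uri|contains: '/edit_parcel.php'
  # Request carries the vulnerable ID argument
  selection_param:
    cs-uri-query|contains: 'ID='
  # At least one SQLi pattern is present. These literals match the query
  # string as logged, so URL-encoded forms (%20, +) are not covered.
  selection_sqli:
    cs-uri-query|contains:
      - 'OR 1=1'
      - 'UNION SELECT'
  # Values in a list are OR'ed, so the ID check and the pattern check are
  # kept in separate selections and combined here.
  condition: selection_path and selection_param and selection_sqli
falsepositives:
  - Legitimate administrative activity
```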

Source: Shimi's Cyber World

Indicators of Compromise

| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7077 | SQLi | itsourcecode Courier Management System 1.0 |
| CVE-2026-7077 | SQLi | Vulnerable file: /edit_parcel.php |
| CVE-2026-7077 | SQLi | Vulnerable argument: ID |

Source & Attribution

  • Source Platform: NVD
  • Channel: National Vulnerability Database
  • Published: April 27, 2026 at 06:15 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
