Home / Vulnerability Intelligence / CVE-2026-26891

CVE-2026-26891 - Vulnerability Analysis

LowCVSS: 2.7

Last Updated: March 4, 2026

Sourcecodester Logistic Hub Parcel's Management System - SQL Injection

Published: March 3, 2026Updated: March 4, 2026PoC AvailableRemote Exploitable

Overview

Sourcecodester Logistic Hub Parcel's Management System v1.0 contains a sql injection caused by unsanitized input in /manage_parcel_type.php, letting attackers execute arbitrary SQL commands remotely, exploit requires crafted request.

Severity & Score

Severity: Low

CVSS Score: 2.7

Impact

Attackers can execute arbitrary SQL commands, potentially leading to data disclosure, modification, or full database compromise.

Mitigation

Update to the latest version or apply patches to sanitize inputs in /manage_parcel_type.php.

References

https://github.com/shininadd/bug_report/blob/main/Sourcecodester/simple-logistic-hub-parcels-management-system/SQL-1.md

Related Resources

Details

CVE ID: CVE-2026-26891
Severity: Low
CVSS Score: 2.7
Type: sql_injection
Status: confirmed

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N