{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-26891", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-03T20:26:57.484Z", "dateReserved": "2026-02-16T00:00:00.000Z", "datePublished": "2026-03-03T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-03T18:20:31.687Z"}, "descriptions": [{"lang": "en", "value": "Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_parcel_type.php."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/shininadd/bug_report/blob/main/Sourcecodester/simple-logistic-hub-parcels-management-system/SQL-1.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-03T20:23:42.919143Z", "id": "CVE-2026-26891", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T20:26:57.484Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-26891", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-03T20:23:42.919143Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T20:23:34.022Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/shininadd/bug_report/blob/main/Sourcecodester/simple-logistic-hub-parcels-management-system/SQL-1.md"}], "descriptions": [{"lang": "en", "value": "Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_parcel_type.php."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-03T18:20:31.687Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26891", "state": "PUBLISHED", "dateUpdated": "2026-03-03T20:26:57.484Z", "dateReserved": "2026-02-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-03T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oretnom23:simple_logistic_hub_parcel\\'s_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB4B74CA-C989-4BD5-A5ED-031199D89B69", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_parcel_type.php."}], "id": "CVE-2026-26891", "lastModified": "2026-03-04T03:53:24.447", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-03T20:16:49.107", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/shininadd/bug_report/blob/main/Sourcecodester/simple-logistic-hub-parcels-management-system/SQL-1.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "logistic_hub_parcels_management_system", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-04-18T17:31:13.273440+00:00", "value": {"mitigation_remediation": ["Validate and sanitize all user input before incorporating it into SQL statements or, preferably, use prepared statements with bound parameters.", "Restrict access to /manage_parcel_type.php by enforcing authentication and ensuring only authorized users can interact with this endpoint.", "Deploy a web application firewall or intrusion detection system configured to block or alert on suspicious SQL injection patterns."], "summary": {"action": "Apply Patch", "impact": "SQL Injection"}, "threat_synthesis": {"affected_systems": "The product affected is Sourcecodester Simple Logistic Hub Parcel's Management System v1.0. No additional vendor or version information is provided.", "description_and_impact": "This vulnerability arises from unfiltered user input in the /manage_parcel_type.php page of Sourcecodester Simple Logistic Hub Parcel's Management System version 1.0, allowing attackers to inject arbitrary SQL commands. The flaw classifies as SQL Injection (CWE-89) and could let an attacker read, modify or delete database contents, compromising confidentiality and integrity. Although the CVSS score indicates low severity, the potential to alter critical data remains significant for affected deployments. The CVSS score of 2.7 indicates limited impact, and the EPSS score of less than 1% suggests a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be the web interface /manage_parcel_type.php where user\u2011supplied data is not properly sanitized.", "risk_and_exploitability": "With a CVSS score of 2.7, the vulnerability presents low risk. The EPSS score of <1% indicates a very low probability of exploitation, and it is not a known exploited vulnerability according to current KEV data. Based on the description, it is inferred that the exploitation requires sending crafted HTTP requests to /manage_parcel_type.php, allowing an attacker to inject SQL statements that may read or modify the database."}}}}, "created": "2026-03-04T21:04:18.955845+00:00", "title": "SQL Injection in Simple Logistic Hub Parcel's Management System /manage_parcel_type.php", "updated": "2026-04-18T17:45:06.045063+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$logistic_hub_parcels_management_system"]}