{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-26892", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-11T15:13:46.579Z", "dateReserved": "2026-02-16T00:00:00.000Z", "datePublished": "2026-03-03T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-03T18:22:17.692Z"}, "descriptions": [{"lang": "en", "value": "Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_carrier.php."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/shininadd/bug_report/blob/main/Sourcecodester/simple-logistic-hub-parcels-management-system/SQL-2.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-03T20:25:17.604965Z", "id": "CVE-2026-26892", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T15:13:46.579Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-26892", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-03T20:25:17.604965Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T20:25:27.803Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/shininadd/bug_report/blob/main/Sourcecodester/simple-logistic-hub-parcels-management-system/SQL-2.md"}], "descriptions": [{"lang": "en", "value": "Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_carrier.php."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-03T18:22:17.692Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26892", "state": "PUBLISHED", "dateUpdated": "2026-03-11T15:13:46.579Z", "dateReserved": "2026-02-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-03T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oretnom23:simple_logistic_hub_parcel\\'s_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB4B74CA-C989-4BD5-A5ED-031199D89B69", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_carrier.php."}, {"lang": "es", "value": "El Sistema de Gesti\u00f3n de Paquetes Logistic Hub de Sourcecodester v1.0 es vulnerable a inyecci\u00f3n SQL en /manage_carrier.PHP."}], "id": "CVE-2026-26892", "lastModified": "2026-03-11T16:16:39.700", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-03T20:16:49.220", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/shininadd/bug_report/blob/main/Sourcecodester/simple-logistic-hub-parcels-management-system/SQL-2.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "v1.0"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "product": "logistic_hub_parcels_management_system", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-04-16T05:46:54.109894+00:00", "value": {"mitigation_remediation": ["Implement input validation and use parameterized queries or stored procedures in the /manage_carrier.php code to prevent unsanitized SQL construction.", "Configure the database user that the application uses with the least privileges, limiting it to only the necessary SELECT, INSERT, UPDATE, and DELETE right on the required tables.", "Update or patch the application to a version where this vulnerability is fixed, or apply the vendor\u2019s recommended remediation if available."], "summary": {"action": "Assess Impact", "impact": "Data Exposure"}, "threat_synthesis": {"affected_systems": "The affected system is the Simple Logistic Hub Parcel\u2019s Management System, version 1.0, as distributed by oretnom23. No other vendors or products are listed.", "description_and_impact": "Simple Logistic Hub Parcel\u2019s Management System version 1.0 contains a SQL Injection vulnerability in the /manage_carrier.php script. Unvalidated input may allow an attacker to inject arbitrary SQL, potentially retrieving, modifying, or deleting data in the underlying database. The vulnerability carries a low CVSS score of 2.7, indicating limited impact if accessed only locally or under specific conditions, but still poses a risk of data leakage or accidental corruption.", "risk_and_exploitability": "The EPSS score is below 1\u202f%, suggesting a very low probability of exploitation in the wild, and the issue is not currently tracked in CISA\u2019s KEV catalog. Based on the description, the most likely attack vector is a web\u2011based interface that accepts unfiltered user input in /manage_carrier.php. If an attacker can submit crafted requests to this endpoint, they could manipulate the SQL statements executed by the application. Though the reported severity is low, any deployment of the unchanged application remains susceptible."}}}}, "created": "2026-03-04T21:04:18.122618+00:00", "updated": "2026-04-16T06:00:10.114050+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$logistic_hub_parcels_management_system"]}