Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
itsourcecode Document Management System allows attackers to manipulate user data
CVE-2026-3068
Summary
The itsourcecode Document Management System, version 1.0, has a weakness in its /deluser.php file. This means an attacker could potentially access or modify sensitive user data. We recommend updating to a fixed version as soon as possible to prevent unauthorized access.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| admerc | document_management_system | 1.0 | – |
Original title
A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead ...
Original description
A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
nvd CVSS2.0
7.5
nvd CVSS3.1
9.8
nvd CVSS4.0
6.9
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
- https://github.com/ltranquility/cve_submit/issues/4 Exploit Issue Tracking Mitigation Third Party Advisory
- https://itsourcecode.com/ Product
- https://vuldb.com/?ctiid.347423 Permissions Required VDB Entry
- https://vuldb.com/?id.347423 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.757742 Third Party Advisory VDB Entry
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026