Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
itsourcecode Document Management System SQL Injection Risk
CVE-2026-3153
Summary
A flaw in itsourcecode Document Management System's registration function could allow hackers to manipulate data. This could happen if a malicious user enters specially crafted text in the username field. Users and administrators of itsourcecode Document Management System should update to the latest version to fix this security issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| admerc | document_management_system | 1.0 | – |
Original title
A vulnerability has been found in itsourcecode Document Management System 1.0. Impacted is an unknown function of the file /register.php. Such manipulation of the argument Username leads to sql inj...
Original description
A vulnerability has been found in itsourcecode Document Management System 1.0. Impacted is an unknown function of the file /register.php. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
nvd CVSS2.0
7.5
nvd CVSS3.1
9.8
nvd CVSS4.0
6.9
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
- https://github.com/ltranquility/CVE/issues/42 Exploit Third Party Advisory
- https://itsourcecode.com/ Product
- https://vuldb.com/?ctiid.347661 Permissions Required VDB Entry
- https://vuldb.com/?id.347661 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.758831 Third Party Advisory VDB Entry
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026