SQL Injection Vulnerability in User Management Module of SourceCodester Water Billing Management System
CVE-2026-10237

5.1MEDIUM

Key Information:

Vendor

Sourcecodester
Status
Water Billing Management System
Vendor
CVE Published:
1 June 2026

What is CVE-2026-10237?

A vulnerability exists in the User Management Module of the SourceCodester Water Billing Management System 1.0. Specifically, the function handling user management located at /admin/?page=user/manage_user allows for SQL injection attacks through manipulation of the argument ID. This flaw enables remote attackers to execute arbitrary SQL commands, potentially compromising sensitive data. As the exploit is publicly available, immediate action is recommended to secure affected implementations.

Affected Version(s)

Water Billing Management System 1.0

References

https://vuldb.com/vuln/367516
vdb-entrytechnical-description
https://vuldb.com/vuln/367516/cti
signaturepermissions-required
https://vuldb.com/cve/CVE-2026-10237
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

renzortega1337 (VulDB User)
.