CVE-2026-2867 MEDIUM

CVE-2026-2867: itsourcecode Vehicle Management System billaction.php sql injection

Vendor Itsourcecode

Product Vehicle Management System

Weakness CWE-89 · SQLi

Published February 21, 2026

Last update February 23, 2026

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was determined in itsourcecode Vehicle Management System 1.0. Affected is an unknown function of the file /billaction.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

Key dates

02Disclosure timeline

February 21, 2026 CVE published

February 23, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-2867

Related vulnerabilities

04Related CVE

CVE-2022-45808 WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to SQL Injection CVE-2022-0410 WP Visitor Statistics (Real Time Traffic) < 5.6 - Subscriber+ SQL Injection CVE-2026-4850 code-projects Simple Laundry System Parameter checkregisitem.php sql injection CVE-2025-64492 SuiteCRM is Vulnerable to Authenticated Time Based Blind SQL Injection CVE-2024-37933 WordPress Woocommerce OpenPos plugin <= 6.4.4 - Unauthenticated SQL Injection vulnerability