PT-2026-45347 · Sourcecodester · Water-Billing-Management-System

Renzortega1337 · Published 2026-06-01 · Updated 2026-06-01 · CVE-2026-10237

CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:L/Au:M/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
SourceCodester Water Billing Management System version 1.0

Description
An issue exists in the User Management Module within the file '/admin/?page=user/manage user'. Manipulation of the ID argument allows for SQL injection, which is a technique where malicious SQL statements are inserted into entry fields for execution, potentially allowing unauthorized access to the database. This flaw enables remote exploitation.

Recommendations
Update SourceCodester Water Billing Management System version 1.0 to a patched version. As a temporary workaround, restrict access to the '/admin/?page=user/manage user' endpoint or avoid using the ID parameter until a fix is applied.

Exploit

Fix

SQL injection

Special Elements Injection

Weakness Enumeration

Related Identifiers: CVE-2026-10237

Affected Products: Water-Billing-Management-System