CVE-2026-10256

Name of the Vulnerable Software and Affected Versions itsourcecode Content Management System version 1.0

Description An issue exists in the /save comment.php endpoint where the manipulation of the Name argument allows for SQL injection, which is a technique used to execute malicious SQL statements that control a database server. This flaw enables remote exploitation.

Recommendations As a temporary workaround, avoid using the Name parameter in the /save comment.php endpoint until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.