A vulnerability, which was classified as critical , has been found in SourceCodester Water Billing Management System 1.0 . Impacted is an unknown function of the file /admin/?page=user/manage_user of the component User Management Module . Performing a manipulation of the argument ID results in sql injection. This vulnerability is known as CVE-2026-10237 . Remote exploitation of the attack is possible. Furthermore, an exploit is available.