A vulnerability was found in itsourcecode Fees Management System 1.0 and classified as critical . Affected by this issue is some unknown functionality of the file /ajax.php . Executing a manipulation of the argument Username can lead to sql injection. This vulnerability appears as CVE-2026-10296 . The attack may be performed from remote. In addition, an exploit is available.