CVE-2026-1594
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3Description
A security vulnerability has been detected in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add_expenses.php. The manipulation of the argument detail leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Analysis
SQL injection in itsourcecode Society Management System 1.0's expense administration interface allows unauthenticated remote attackers to manipulate the detail parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Isolate affected systems from production networks and disable the /admin/add_expenses.php functionality if operationally feasible; audit recent expense transactions for unauthorized modifications. Within 7 days: Implement Web Application Firewall (WAF) rules to restrict access to the vulnerable endpoint and deploy input validation filters; conduct full access review of admin accounts. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today