CVE-2026-2116
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3Description
A vulnerability has been found in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/edit_expenses.php. Such manipulation of the argument expenses_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Analysis
SQL injection in itsourcecode Society Management System 1.0's expense editing functionality allows unauthenticated remote attackers to manipulate the expenses_id parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Isolate the affected system from production or restrict access to the /admin/edit_expenses.php endpoint via network controls; assess which user accounts have accessed this function. Within 7 days: Implement Web Application Firewall (WAF) rules to block suspicious requests to the vulnerable endpoint; conduct forensic review for unauthorized expense modifications. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today