CVE-2026-2117
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Description
A vulnerability was found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/edit_activity.php. Manipulating the argument activity_id results in SQL injection. The attack can be initiated remotely. The exploit has been made public and could be used.
Analysis
SQL injection in itsourcecode Society Management System 1.0 allows unauthenticated remote attackers to manipulate the activity_id parameter in /admin/edit_activity.php, enabling data exfiltration, modification, or denial of service. Public exploit code exists for this vulnerability, and no patch is currently available.
Remediation
Within 24 hours: Isolate affected systems from production networks if possible and disable access to /admin/edit_activity.php; audit access logs for suspicious activity. Within 7 days: Implement WAF rules to block malicious requests to the vulnerable endpoint and apply input validation controls; conduct a full security assessment of the application. …
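One way to carry out the access-log audit step, as an added example that is not part of the advisory or the vendor's code. It assumes combined-format web server logs, that activity_id arrives in the query string (values sent in a POST body do not appear in access logs), and that legitimate activity_id values are plain decimal integers; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/admin/edit_activity.php"  # path named in the advisory
PARAM = "activity_id"                  # parameter named in the advisory

# Client, timestamp and request target of a combined-format log line
# (assumed log format; adjust for a custom LogFormat / log_format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def audit(lines):
    """Return (ip, timestamp, decoded_value) for every request to ENDPOINT
    whose activity_id is not a plain decimal integer.
    Assumption: legitimate ids are numeric, so anything else needs review."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m["target"])
        if url.path.lower() != ENDPOINT:
            continue
        # parse_qs percent-decodes values; keep_blank_values keeps "activity_id="
        # and repeated parameters are all inspected.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not re.fullmatch(r"\d{1,10}", value):
                findings.append((m["ip"], m["ts"], value))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Feb/2026:09:14:02 +0000] "GET /admin/edit_activity.php?activity_id=12 HTTP/1.1" 200 5120',
    '203.0.113.44 - - [10/Feb/2026:09:15:40 +0000] "GET /admin/edit_activity.php?activity_id=12%27 HTTP/1.1" 500 310',
    '203.0.113.44 - - [10/Feb/2026:09:15:41 +0000] "GET /admin/edit_activity.php?activity_id=abc HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Feb/2026:09:16:00 +0000] "GET /admin/index.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, ts, value in audit(SAMPLE_LOG):
        print(f"{ts} {ip} {PARAM}={value!r}")
```

The same integer-only rule is a reasonable starting point for the WAF rule and input validation mentioned above, provided the assumption about numeric ids holds for the deployment.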