CVE-2026-2690
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3Description
A flaw has been found in itsourcecode Event Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Admin Login. This manipulation of the argument Username causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
Analysis
SQL injection in itsourcecode Event Management System 1.0's admin login endpoint allows unauthenticated remote attackers to manipulate the Username parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, enabling attackers to potentially extract sensitive data or compromise system integrity. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Isolate or take offline affected itsourcecode Event Management System instances; disable external access to /admin/ajax.php if the system must remain operational; enable logging on all admin access attempts. Within 7 days: Conduct a security audit of admin account activity for signs of unauthorized access; consider migrating to an alternative event management solution if one exists. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today