CVE-2026-2114

7.3 HIGH

Published 2026-02-07 · Modified 2026-02-09 · Undergoing Analysis

Quick Summary

A high-severity flaw in the itsourcecode Society Management System allows attackers to inject malicious SQL commands through the admin editing page. It is serious because it can be exploited remotely with little effort.

Who is affected

All users running Society Management System version 1.0 are affected. A successful attacker could steal, modify, or delete sensitive data from the application's database.

Recommended fix

Immediately apply any official patch from the vendor. If none is available, restrict network access to the admin panel and implement parameterized queries in the /admin/edit_admin.php file to prevent SQL injection.
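As an illustration of the parameterized-query fix recommended above, the following added example (not the vendor's code; the advisory does not show the contents of edit_admin.php) validates admin_id as an integer and binds it to a prepared statement. The table and column names, the helper findAdminById, and the use of PDO with an in-memory SQLite database are assumptions made so the script runs offline.

```php
<?php
declare(strict_types=1);

// Added illustration. The real edit_admin.php is not shown in the advisory;
// the table "admin" and its columns (id, username) are hypothetical.
// Pattern to remove from application code (shown only as a comment):
//   "SELECT ... FROM admin WHERE id = " . $_GET['admin_id']

function findAdminById(PDO $db, mixed $rawAdminId): ?array
{
    // 1. Accept only a plain positive integer; anything else never reaches SQL.
    $adminId = filter_var(
        $rawAdminId,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($adminId === false) {
        return null;
    }

    // 2. Bind the value as a typed parameter instead of concatenating it,
    //    so it is always treated as data and never as SQL text.
    $stmt = $db->prepare('SELECT id, username FROM admin WHERE id = :id');
    $stmt->bindValue(':id', $adminId, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
$db->exec("INSERT INTO admin (id, username) VALUES (1, 'alice'), (2, 'bob')");

// Constructed admin_id values as they might arrive in a request.
foreach (['2', '1 OR 1=1', '', '-5', '99'] as $candidate) {
    $row = findAdminById($db, $candidate);
    printf(
        "%-12s => %s\n",
        var_export($candidate, true),
        $row !== null ? $row['username'] : 'rejected or not found'
    );
}
```

Only the first constructed value resolves to a row; the non-integer and out-of-range values are rejected before any query is prepared, and the unknown id returns no row.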

Technical Description

A vulnerability was detected in itsourcecode Society Management System 1.0. It affects unknown code in the file /admin/edit_admin.php. Manipulating the argument admin_id results in SQL injection. The attack can be performed remotely. The exploit is now public and may be used.

CVSS Details

Attack Vector: NETWORK

Complexity: LOW

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-89, CWE-74
