CVE-2026-2116
7.3 HIGH
Published 2026-02-08 · Modified 2026-02-09 · Undergoing Analysis
Quick Summary
This is a high-severity SQL injection flaw in the Society Management System software. Attackers can remotely send malicious data to the system's admin panel to manipulate its database.
Who is affected
Any organization using itsourcecode Society Management System 1.0 is affected. An attacker could steal, modify, or delete sensitive data from the application's database.
Recommended fix
Immediately apply any official patch from the vendor. If none is available, consider disabling or restricting access to the /admin/edit_expenses.php file as a temporary workaround.
Technical Description
A vulnerability has been found in itsourcecode Society Management System 1.0. It affects an unknown function in the file /admin/edit_expenses.php. Manipulating the argument expenses_id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
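To check whether the endpoint has already received unexpected input, the web server access log can be reviewed for requests to /admin/edit_expenses.php whose expenses_id is not a plain integer. The script below is an added example, not code from the vendor or from this advisory; it assumes Combined Log Format, that the argument arrives in the query string, and that legitimate IDs are decimal integers.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/admin/edit_expenses.php"  # file named in the advisory
PARAM = "expenses_id"                     # argument named in the advisory

# Client address, request line and status of a Combined Log Format entry.
REQUEST_RE = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')
# Assumption: a legitimate ID is a short decimal integer.
VALID_ID_RE = re.compile(r"[0-9]{1,10}")


def suspicious_requests(lines):
    """Return (client, status, decoded value) for every request to TARGET_PATH
    whose PARAM is present in the query string but is not a plain integer."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable access-log entry
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        # Decode and normalise so "/admin//edit_expenses.php" still matches.
        if posixpath.normpath(unquote(url.path)) != TARGET_PATH:
            continue
        # parse_qs percent-decodes values; blank values are kept for review.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not VALID_ID_RE.fullmatch(value):
                hits.append((client, int(status), value))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [08/Feb/2026:10:01:02 +0000] "GET /admin/edit_expenses.php?expenses_id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [08/Feb/2026:10:03:44 +0000] "GET /admin/edit_expenses.php?expenses_id=12%27 HTTP/1.1" 500 310 "-" "curl/8.5.0"',
    '203.0.113.9 - - [08/Feb/2026:10:03:50 +0000] "GET /admin//edit_expenses.php?expenses_id= HTTP/1.1" 200 5120 "-" "curl/8.5.0"',
    '198.51.100.7 - - [08/Feb/2026:10:05:00 +0000] "GET /admin/expenses.php?expenses_id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} status={status} {PARAM}={value!r}")
```

Requests that send the argument in a POST body do not appear in a standard access log, so an empty result does not rule out earlier probing.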
CVSS Details
Attack Vector: NETWORK
Complexity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-89, CWE-74