CVE-2026-2217
7.3 HIGH · Published 2026-02-09 · Modified 2026-02-09 · Undergoing Analysis
Quick Summary
A SQL injection flaw in Event Management System 1.0 allows attackers to inject SQL into its database queries through the user management page. This matters because it lets unauthorized users steal or tamper with sensitive event and user data.
Who is affected
All deployments of itsourcecode Event Management System 1.0 are affected. An attacker could remotely steal the entire database, including user credentials, or take control of the admin panel.
Recommended fix
Immediately apply any official patch from the vendor. If none is available, consider disabling or strictly restricting access to the `/admin/` directory, and rewrite the `manage_user.php` code to use parameterized queries.
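The parameterized-query rewrite recommended above could look like the following. This is an added example, not the vendor's code: the `users` table, its columns and the `find_user()` helper are hypothetical, and an in-memory SQLite database via PDO stands in for the application's real database.

```php
<?php
declare(strict_types=1);

// Hypothetical lookup standing in for the ID handling in /admin/manage_user.php.
// Table and column names are assumptions; the vendor's schema is not on the page.
function find_user(PDO $db, mixed $rawId): ?array
{
    // 1. Allow-list the type: the ID must be a positive integer, nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject instead of passing the string to the database
    }

    // 2. Bind the value; the SQL text never contains request data.
    $stmt = $db->prepare('SELECT id, username, type FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database (the real DBMS may differ).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, type INTEGER)');
$db->exec("INSERT INTO users (username, type) VALUES ('admin', 1), ('staff', 2)");

// Constructed inputs: one legitimate ID, then values that are not plain integers.
foreach (['2', '2 OR 1=1', "1' -- ", '', '-5'] as $raw) {
    $user = find_user($db, $raw);
    printf("%-12s => %s\n", var_export($raw, true), $user ? $user['username'] : 'rejected');
}
```

The same two steps apply with mysqli (`prepare()` plus `bind_param('i', $id)`); validation narrows the input, while binding is what keeps request data out of the SQL text.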
Technical Description
A vulnerability was found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of the file `/admin/manage_user.php`. Manipulation of the argument ID results in SQL injection. The attack may be launched remotely. The exploit has been made public and could be used.
CVSS Details
Attack Vector: NETWORK
Complexity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-89, CWE-74