CVE-2026-1593

HIGH

Angeljudesuarez Society Management System - Injection

Title source: rule

Description

A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit_expenses_query.php. Executing a manipulation of the argument detail can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

References (5)

[Exploit, Issue Tracking, Mitigation, Third Party Advisory] https://github.com/yyzq-wsx/for_cve/issues/3

[Product] https://itsourcecode.com/

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.343355

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.343355

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.740689

Scores

CVSS v3 7.3

EPSS 0.0001

EPSS Percentile 2.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-74 CWE-89

Status published

Affected Products (1)

angeljudesuarez/society_management_system

Timeline

Published Jan 29, 2026

Tracked Since Feb 18, 2026