itsourcecode Society Management System edit_expenses.php sql injection

A vulnerability has been found in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/edit_expenses.php. Such manipulation of the argument expenses_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Problem type

Affected products

itsourcecode

Society Management System

1.0 - AFFECTED

References

VDB-344691 | itsourcecode Society Management System edit_expenses.php sql injection

https://vuldb.com/?id.344691

vdb-entrytechnical-description

VDB-344691 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/?ctiid.344691

signaturepermissions-required

Submit #746798 | itsourcecode Society Management System V1.0 SQL injection

https://vuldb.com/?submit.746798

third-party-advisory

github.com

https://github.com/zpf7029/oblong/issues/1

exploitissue-tracking

itsourcecode.com

https://itsourcecode.com/

product

GitHub Security Advisories

GHSA-2hfg-6q5v-4492

A vulnerability has been found in itsourcecode Society Management System 1.0. Impacted is an...

https://github.com/advisories/GHSA-2hfg-6q5v-4492

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-2116

github.com

https://github.com/zpf7029/oblong/issues/1

itsourcecode.com

https://itsourcecode.com

vuldb.com

https://vuldb.com/?ctiid.344691

vuldb.com

https://vuldb.com/?id.344691

vuldb.com

https://vuldb.com/?submit.746798

github.com

https://github.com/advisories/GHSA-2hfg-6q5v-4492

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-2116

Click to expand

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-2116",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-02-07T23:02:07.444Z",
    "dateReserved": "2026-02-06T14:41:00.785Z",
    "datePublished": "2026-02-07T23:02:07.444Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-02-07T23:02:07.444Z"
      },
      "title": "itsourcecode Society Management System edit_expenses.php sql injection",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/edit_expenses.php. Such manipulation of the argument expenses_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
        }
      ],
      "affected": [
        {
          "vendor": "itsourcecode",
          "product": "Society Management System",
          "versions": [
            {
              "version": "1.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "SQL Injection",
              "cweId": "CWE-89",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Injection",
              "cweId": "CWE-74",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.344691",
          "name": "VDB-344691 | itsourcecode Society Management System edit_expenses.php sql injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.344691",
          "name": "VDB-344691 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.746798",
          "name": "Submit #746798 | itsourcecode Society Management System V1.0 SQL injection",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/zpf7029/oblong/issues/1",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        },
        {
          "url": "https://itsourcecode.com/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 7.3,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 7.3,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 7.5
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-02-06T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-02-06T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-02-06T15:46:11.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "oblong (VulDB User)",
          "type": "reporter"
        }
      ],
      "tags": [
        "x_freeware"
      ]
    }
  }
}