Description
A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Published: 2026-05-24
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw affects an undisclosed component of login.php in Electronic Judging System 1.0. The Username field is unsanitized and inserted directly into a SQL statement, enabling SQL injection. An attacker can send a crafted payload to intrams/admin/login.php to bypass authentication or extract sensitive data, leading to potential system compromise. This reflects CWE-74 and CWE-89 weaknesses.

Affected Systems

Products impacted are itsourcecode’s Electronic Judging System version 1.0. The vulnerability resides in the admin login module, specifically the login.php script. No other versions or products are currently reported as affected.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate risk, and the vulnerability is remotely exploitable via HTTP POST or GET. Although EPSS is not available, the public disclosure and lack of a patch increase the likelihood of attacks. The vulnerability is not listed in CISA KEV, but the presence of the flaw and the ease of exploitation warrant monitoring.

Generated by OpenCVE AI on May 24, 2026 at 15:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply vendor patch or upgrade to a version where the login script uses parameterized queries.
  • Restrict access to the intrams/admin directory through web server ACLs or firewall rules.
  • Implement input validation and sanitization for all fields, especially Username, to prevent SQL injection.
  • Deploy a Web Application Firewall or intrusion detection rules targeting typical SQL injection patterns.


Advisories

No advisories yet.

History

Sun, 24 May 2026 14:00:00 +0000

Values Added:

  • Description: A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
  • Title: itsourcecode Electronic Judging System login.php sql injection
  • First Time appeared: Itsourcecode; Itsourcecode electronic Judging System
  • Weaknesses: CWE-74, CWE-89
  • CPEs: cpe:2.3:a:itsourcecode:electronic_judging_system:*:*:*:*:*:*:*:*
  • Vendors & Products: Itsourcecode; Itsourcecode electronic Judging System
  • References:
  • Metrics:
      cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
      cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-24T13:15:10.050Z

Reserved: 2026-05-23T15:00:32.375Z

Link: CVE-2026-9383

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-24T15:30:02Z

Weaknesses