Description
A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /admin/edit_judge.php. The manipulation of the argument judge_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Published: 2026-05-26
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability was identified in itsourcecode Electronic Judging System 1.0, specifically affecting the file /admin/edit_judge.php. By manipulating the judge_id parameter, an attacker can execute arbitrary SQL statements, allowing for read, write or delete operations on the database. This injection can compromise the confidentiality, integrity and availability of the system’s data, potentially exposing sensitive judge information and altering the outcome of submissions.

Affected Systems

The affected product is itsourcecode Electronic Judging System version 1.0, running on the /admin/edit_judge.php endpoint. No other versions or modules were enumerated as vulnerable in the available data.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity, while the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. The attack vector is remote, as the input can be supplied through HTTP requests to the affected endpoint. Public disclosures exist, so an attacker who knows the flaw can exploit it without additional privileges to compromise the underlying database.

Generated by OpenCVE AI on May 26, 2026 at 04:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s patch or upgrade to a fixed version when it becomes available
  • If a patch is not immediately available, restrict access to the /admin directory to authorized users or specific IP addresses to reduce exposure
  • Validate and sanitize the judge_id parameter before it is incorporated into SQL queries; use parameterised statements or prepared statements to eliminate injection opportunities

Generated by OpenCVE AI on May 26, 2026 at 04:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 03:30:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /admin/edit_judge.php. The manipulation of the argument judge_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Title itsourcecode Electronic Judging System edit_judge.php sql injection
First Time appeared Itsourcecode
Itsourcecode electronic Judging System
Weaknesses CWE-74
CWE-89
CPEs cpe:2.3:a:itsourcecode:electronic_judging_system:*:*:*:*:*:*:*:*
Vendors & Products Itsourcecode
Itsourcecode electronic Judging System
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Itsourcecode Electronic Judging System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-26T03:00:14.584Z

Reserved: 2026-05-25T19:31:31.999Z

Link: CVE-2026-9525

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-26T04:16:27.797

Modified: 2026-05-26T04:16:27.797

Link: CVE-2026-9525

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T05:30:25Z

Weaknesses