Description
A vulnerability was found in itsourcecode Electronic Judging System 1.0. This vulnerability affects unknown code of the file /admin/edit_team.php. The manipulation of the argument num_id results in SQL injection. The attack may be launched remotely. The exploit has been made public and could be used.
Published: 2026-05-26
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability was discovered in the edit_team.php script of itsourcecode Electronic Judging System version 1.0. The parameter num_id is not properly sanitized, allowing an attacker to inject arbitrary SQL statements. This flaw can be used to read, alter or delete data stored in the system’s database, compromising the confidentiality and integrity of the judged competitions.

Affected Systems

The flaw affects the Electronic Judging System application developed by itsourcecode, specifically version 1.0. It is present in the /admin/edit_team.php endpoint used for managing teams within the system.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, so current exploit prevalence is unclear. The flaw can be exploited remotely through a crafted HTTP request to the admin endpoint, and the exploit code has been made public, suggesting that attackers with moderate resources could attempt compromise.

Generated by OpenCVE AI on May 26, 2026 at 06:22 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply any vendor-released patch or upgrade to the latest version of Electronic Judging System that addresses the SQL injection flaw.
  • Restrict remote access to the /admin/edit_team.php endpoint by configuring firewall rules or allowing only trusted IP addresses.
  • Implement input validation on the num_id parameter to ensure it is an integer and use parameterized SQL queries to prevent injection.


Advisories

No advisories yet.

History

Tue, 26 May 2026 13:15:00 +0000

Values Removed: none
Values Added:
  Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 26 May 2026 05:00:00 +0000

Values Removed: none
Values Added:
  Description: A vulnerability was found in itsourcecode Electronic Judging System 1.0. This vulnerability affects unknown code of the file /admin/edit_team.php. The manipulation of the argument num_id results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.
  Title: itsourcecode Electronic Judging System edit_team.php sql injection
  First Time appeared: Itsourcecode; Itsourcecode electronic Judging System
  Weaknesses: CWE-74; CWE-89
  CPEs: cpe:2.3:a:itsourcecode:electronic_judging_system:*:*:*:*:*:*:*:*
  Vendors & Products: Itsourcecode; Itsourcecode electronic Judging System
  References:
  Metrics:
    cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
    cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
    cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
    cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-26T12:36:03.537Z

Reserved: 2026-05-25T19:31:34.746Z

Link: CVE-2026-9526

Vulnrichment

Updated: 2026-05-26T12:35:59.787Z

NVD

Status: Received

Published: 2026-05-26T05:16:18.473

Modified: 2026-05-26T05:16:18.473

Link: CVE-2026-9526

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T07:30:35Z

Weaknesses