PT-2026-6936 · Itsourcecode · Society Management System
Oblong
Published 2026-02-07 · Updated 2026-02-13
CVE-2026-2116
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
itsourcecode Society Management System version 1.0
Description
A flaw exists in itsourcecode Society Management System 1.0 that allows for remote SQL injection. The issue is located in the /admin/edit expenses.php file, specifically through manipulation of the expenses id argument within an unknown function. The exploit has been publicly disclosed.
Recommendations
Apply any available updates to address the SQL injection issue in the /admin/edit expenses.php file.
As a temporary workaround, restrict access to the /admin/edit expenses.php file.
Sanitize the expenses id input to prevent SQL injection attacks.
Exploit
Fix
SQL injection
Special Elements Injection
Related identifiers
Affected products
Society Management System