Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
itsourcecode Event Management System 1.0: SQL Injection Risk
CVE-2026-2691
Summary
A security flaw in itsourcecode Event Management System 1.0 allows an attacker to manipulate data in the system by exploiting a weakness in a file called /admin/manage_register.php. This could lead to unauthorized access to sensitive information. Users of this system should update to the latest version to prevent potential attacks.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| admerc | event_management_system | 1.0 | – |
Original title
A vulnerability has been found in itsourcecode Event Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/manage_register.php. Such manipulation of the arg...
Original description
A vulnerability has been found in itsourcecode Event Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/manage_register.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
nvd CVSS2.0
7.5
nvd CVSS3.1
9.8
nvd CVSS4.0
6.9
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
- https://github.com/ltranquility/CVE/issues/40 Exploit Issue Tracking Mitigation Third Party Advisory
- https://itsourcecode.com/ Product
- https://vuldb.com/?ctiid.346491 Permissions Required VDB Entry
- https://vuldb.com/?id.346491 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.754240 Third Party Advisory VDB Entry
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026