ITSOURCECODE Society Management System 1.0 SQL Injection in delete_expenses.php (CVE-2026-2115)

Critical Vulnerability Information Vulnerability Name: ITSOURCECODE Society Management System 1.0 delete_expenses.php expenses_id SQL Injection CVE ID: CVE-2026-2115 CVSS Meta Temp Score: 6.9 Current Exploit Price: $0-$5k CTI Interest Score: 1.57 Summary A vulnerability classified as "Critical" has been discovered in itsourcecode Society Management System 1.0. The affected component is an unknown function within the file /admin/delete_expenses.php. Manipulation of the parameter leads to an SQL Injection vulnerability. This vulnerability is referenced as CVE-2026-2115. The attack can be initiated remotely. Additionally, exploit tools are already available. Details A vulnerability has been identified in itsourcecode Society Management System 1.0. The issue is rated as Critical. The affected component is an unknown section within the file /admin/delete_expenses.php. The use of unknown input to manipulate the parameter results in an SQL Injection vulnerability. The issue is declared using CWE, resulting in CWE-89. The product constructs SQL commands, in whole or in part, using input from upstream components, but does not neutralize or improperly neutralizes special elements that could alter the intended SQL command when sent to downstream components. The impact affects confidentiality, integrity, and availability. There are suggestions available on GitHub. This vulnerability is tracked as CVE-2026-2115. Known exploitation is considered easy. The attack can be launched remotely. No authentication is required to exploit the vulnerability. Technical details and publicly available exploit tools are known. This vulnerability is assigned to MITRE ATT&CK technique T1505.

Goal Reached Thanks to every supporter — we hit 100%!

ITSOURCECODE Society Management System 1.0 SQL Injection in delete_expenses.php (CVE-2026-2115)