{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-9526/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-9526"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Electronic Judging System 1.0"],"_cs_severities":["high"],"_cs_tags":["sql-injection","cve-2026-9526","web-application"],"_cs_type":"advisory","_cs_vendors":["itsourcecode"],"content_html":"\u003cp\u003eA SQL injection vulnerability, identified as CVE-2026-9526, has been discovered in itsourcecode Electronic Judging System version 1.0. This vulnerability specifically affects the \u003ccode\u003e/admin/edit_team.php\u003c/code\u003e file. By manipulating the \u003ccode\u003enum_id\u003c/code\u003e argument, a remote attacker can inject arbitrary SQL commands into the application\u0026rsquo;s database queries. The vulnerability has been made public, increasing the risk of exploitation. This poses a significant threat to organizations using the affected software as it can lead to unauthorized data access, modification, or deletion. 
The base CVSS v3.1 score is rated as 7.3 (HIGH).\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable instance of itsourcecode Electronic Judging System 1.0.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003e/admin/edit_team.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker injects SQL code into the \u003ccode\u003enum_id\u003c/code\u003e parameter within the HTTP request\u0026rsquo;s query string or POST data.\u003c/li\u003e\n\u003cli\u003eThe application fails to properly sanitize the input, allowing the injected SQL code to be passed to the database server.\u003c/li\u003e\n\u003cli\u003eThe database server executes the attacker-controlled SQL code.\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves sensitive information from the database, such as usernames, passwords, or judging data.\u003c/li\u003e\n\u003cli\u003eThe attacker modifies data within the database, potentially altering judging results or compromising user accounts.\u003c/li\u003e\n\u003cli\u003eThe attacker gains complete control over the application and underlying server.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability (CVE-2026-9526) can lead to severe consequences, including unauthorized access to sensitive judging data, manipulation of results, and complete compromise of the affected system. The number of victims is currently unknown, but any organization using the vulnerable version of itsourcecode Electronic Judging System could be affected. 
This could result in significant reputational damage, financial losses, and legal repercussions.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply appropriate input validation and sanitization to the \u003ccode\u003enum_id\u003c/code\u003e parameter in \u003ccode\u003e/admin/edit_team.php\u003c/code\u003e to prevent SQL injection (CVE-2026-9526).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided to detect potential exploitation attempts targeting the vulnerable endpoint.\u003c/li\u003e\n\u003cli\u003eImplement a web application firewall (WAF) rule to block requests containing SQL injection payloads directed at \u003ccode\u003e/admin/edit_team.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRestrict access to the \u003ccode\u003e/admin/edit_team.php\u003c/code\u003e endpoint to authorized personnel only.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity targeting the \u003ccode\u003e/admin/edit_team.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T14:27:35Z","date_published":"2026-05-26T14:27:35Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-9526-sql-injection/","summary":"A SQL injection vulnerability exists in itsourcecode Electronic Judging System version 1.0, specifically affecting the /admin/edit_team.php file, where an attacker can remotely manipulate the 'num_id' argument to execute arbitrary SQL commands.","title":"CVE-2026-9526: SQL Injection Vulnerability in itsourcecode Electronic Judging System","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-9526-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-9526","version":"https://jsonfeed.org/version/1.1"}