1. Basic information for CVE-2026-1119
Vulnerability information
# Society Management System delete_activity.php SQL Injection Vulnerability

## Overview
A SQL injection vulnerability exists in itsourcecode Society Management System 1.0, specifically within the `/admin/delete_activity.php` file.

## Affected versions
1.0

## Details
The vulnerability is triggered by manipulating the `activity_id` parameter passed to an unknown function in `/admin/delete_activity.php`, allowing SQL injection attacks. The flaw enables remote exploitation without authentication.

## Impact
Remote attackers can execute arbitrary SQL commands, potentially leading to data theft, data manipulation, or full system compromise. A public exploit is available, increasing the risk of active exploitation.
                                        
Vulnerability title
itsourcecode Society Management System delete_activity.php sql injection
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description
A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argument activity_id can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
Source: U.S. National Vulnerability Database (NVD)
CVSS information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
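Source: U.S. National Vulnerability Database (NVD)
Vulnerability category
Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)
Source: U.S. National Vulnerability Database (NVD)
2. Public PoCs for CVE-2026-1119
# | PoC description | Source link | Shenlong link
3. Intelligence on CVE-2026-1119
  • Title: itsourcecode Society Management System Project V1.0 /admin/delete_activity.php SQL injection · Issue #1 · AriazzzZ/CVE -- 🔗 Source link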

    Tags: exploit, issue-tracking

    Shenlong quick read:
    **Vulnerability Details:**
    
    - **Product:** Society Management System
    - **Vendor:** https://itsourcecode.com/free-projects/php-project/society-management-system-project-in-php-free-download/
    - **Vulnerable File:** /admin/delete_activity.php
    - **Version:** V1.0
    - **Vulnerability Type:** SQL Injection
    - **Root Cause:** Insufficient user input validation for the 'activity_id' parameter allows malicious SQL code injection.
    - **Impact:** Unauthorized database access, sensitive data leakage, data tampering, and service interruption.
    - **Description:** Critical SQL injection vulnerability in /admin/delete_activity.php allows attackers to inject malicious SQL queries without proper validation or sanitization of the 'activity_id' parameter.
    - **POC:** 
        - Parameter: activity_id (GET)
        - Payload: activity_id=2' RLIKE (SELECT (CASE WHEN (3804=3804) THEN 2 ELSE 0x28 END))-- AiDD
        - Payload: activity_id=2' AND 6596=BENCHMARK(5000000,MD5(0x4f724952))-- spQb
    - **Suggested Repair:**
        1. Use prepared statements and parameter binding.
        2. Implement input validation and filtering.
        3. Minimize database user permissions.
        4. Conduct regular security audits.
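
The first two repair items (a prepared statement with a bound parameter, plus strict integer validation) applied to a delete handler of this kind. This is an added example, not the vendor's code and not taken from the referenced issue; the `activity` table, the `society_app` account, the `society_db` schema and the `DB_PASS` environment variable are assumptions (PHP 8+ with mysqli).

```php
<?php
// Added example: hardened sketch of a delete handler such as
// /admin/delete_activity.php. Not the vendor's code. The connection
// settings and the `activity` table name are assumptions.
declare(strict_types=1);

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Return activity_id as a positive integer, or null for anything else. */
function parse_activity_id(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // rejects arrays such as activity_id[]=1
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Delete one row by id through a bound parameter; returns rows affected. */
function delete_activity(mysqli $db, int $id): int
{
    // The SQL text is fixed; the id travels separately as typed data.
    $stmt = $db->prepare('DELETE FROM activity WHERE activity_id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

$id = parse_activity_id($_GET['activity_id'] ?? null);
if ($id === null) {
    http_response_code(400);
    exit('Invalid activity_id');
}

// Assumed account: holds only the privileges this application needs
// on its own schema (repair item 3).
$db = new mysqli('localhost', 'society_app', getenv('DB_PASS') ?: '', 'society_db');
$db->set_charset('utf8mb4');

http_response_code(delete_activity($db, $id) === 1 ? 200 : 404);
```

Both payload strings listed under POC fail the integer check and are answered with HTTP 400 before any query is built; the bound parameter keeps the statement fixed even if the validation is later loosened.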
                                            
  • Title: Itsourcecode.com - Partner In Your Coding Journey! -- 🔗 Source link

    Tags: product
  • Title: Login required -- 🔗 Source link

    Tags: signature, permissions-required

    Shenlong quick read:
    Key vulnerability information extracted from a screenshot of this page:
    
    ```
    ### Vulnerability information
    - **VDB ID:** VDB-341711
    - **CVE ID:** CVE-2026-1119
    - **EUVD ID:** EUVD-2026-3178
    - **Vulnerability type:** SQL Injection
    - **Affected product:** Itsourcecode Society Management System 1.0
    - **Affected file:** delete_activity.php
    - **Affected parameter:** activity_id
    
    ### Notes
    - **Access restriction:** Login is required to view details.
    ```
                                            
  • Title: Submit #734290: itsourcecode Society Management System V1.0 SQL injection -- 🔗 Source link

    Tags: third-party-advisory

    Shenlong quick read:
    ### Key vulnerability information
    
    - **Title**: itsourcecode Society Management System V1.0 SQL injection
    - **Description**:
      - A critical SQL injection vulnerability was found in the `"/admin/delete_activity.php"` file.
      - The vulnerability arises from insufficient user input validation of the `activity_id` parameter.
      - This allows attackers to inject malicious SQL queries, leading to unauthorized access, data modification, deletion, and sensitive information leakage.
      - Immediate remediation is required to ensure system security and protect data integrity.
    - **Source**: [https://github.com/Ariaazzzz/CVE/issues/1](https://github.com/Ariaazzzz/CVE/issues/1)
    - **User**: shuyi123 (UID 94274)
    - **Submission Date**: 01/08/2026 10:21 AM
    - **Moderation Date**: 01/17/2026 07:11 PM
    - **Status**: Accepted
    - **VulDB Entry**: 341711
    - **Points**: 20
                                            
  • https://vuldb.com/?id.341711 -- Tags: vdb-entry, technical-description
  • https://nvd.nist.gov/vuln/detail/CVE-2026-1119