Vulnerabilities ›

CVE-2026-9528

High

CWE-74 — Weakness Type

                    Published: May 26, 2026                      ·  Modified: Jun 2, 2026                      ·  Source: NVD                

CVSS v3

7.3

🔗 NVD Official

📄 Description (English)

A vulnerability was identified in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /admin/delete_judge.php. Such manipulation of the argument judge_id leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.

🤖 AI Executive Summary

CVE-2026-9528 is a SQL injection vulnerability in itsourcecode Electronic Judging System 1.0 affecting the /admin/delete_judge.php file through the judge_id parameter. Remote attackers can exploit this vulnerability without authentication, with public exploits already available.

📄 Description (Arabic)

ثغرة حقن SQL في نظام الحكم الإلكتروني من itsourcecode الإصدار 1.0 تؤثر على ملف /admin/delete_judge.php. يمكن للمهاجمين البعيدين استغلال هذه الثغرة من خلال معامل judge_id دون الحاجة للمصادقة، مع توفر استغلالات عامة.

🤖 ملخص تنفيذي (AI)

A SQL injection flaw exists in itsourcecode Electronic Judging System 1.0 in the admin delete_judge.php function allowing remote code execution. The vulnerability is exploitable via the judge_id parameter and poses significant risk to judicial systems.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 06:16

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

government banking

🎯 MITRE ATT&CK Techniques

T1190 T1110 T1021

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Immediately update itsourcecode Electronic Judging System to the latest patched version. Implement input validation and parameterized queries for all database operations. Apply Web Application Firewall (WAF) rules to block SQL injection patterns. Conduct security audit of all admin functions and restrict access to /admin/ directory using strong authentication and IP whitelisting.

🔧 خطوات المعالجة (العربية)

قم بتحديث نظام itsourcecode للحكم الإلكتروني إلى أحدث إصدار معدل فوراً. طبق التحقق من صحة المدخلات والاستعلامات المعاملة لجميع عمليات قاعدة البيانات. طبق قواعد جدار حماية تطبيقات الويب لحجب أنماط حقن SQL. أجرِ تدقيقاً أمنياً لجميع الوظائف الإدارية وقيد الوصول إلى مجلد /admin/ باستخدام المصادقة القوية وقائمة بيضاء للعناوين.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.9.2.1 A.9.4.3 A.13.1.1

🔵 SAMA CSF

ID.RA-1 PR.AC-1 PR.DS-2

🟡 ISO 27001:2022

A.9.2.1 A.9.4.3 A.13.1.1 A.14.2.1

🔗 References & Sources 5

🔗

https://github.com/zulu225588/zulu-loudong/issues/4

cna@vuldb.com

🔗

https://itsourcecode.com/

cna@vuldb.com

🔗

https://vuldb.com/submit/814738

cna@vuldb.com

🔗

https://vuldb.com/vuln/365547

cna@vuldb.com

🔗

https://vuldb.com/vuln/365547/cti

cna@vuldb.com

📊 CVSS Score

7.3

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity High

CVSS Score7.3

CWECWE-74

EPSS0.03%

Exploit No

Patch ✗ No

Published 2026-05-26

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-74

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-9528

Introduce Yourself

Sign In Required