itsourcecode Electronic Judging System 1.0 SQL Injection (CVE-2026-7555)
The National Vulnerability Database has disclosed CVE-2026-7555, a high-severity SQL injection vulnerability affecting itsourcecode Electronic Judging System 1.0. This flaw resides in an unspecified part of the /intrams/login.php file, specifically exploitable through manipulation of the Username argument.
This is a critical remote attack vector. The exploit is publicly available, meaning active exploitation is highly probable. SQL injection vulnerabilities like this often lead to unauthorized data access, manipulation, or even full system compromise, depending on the underlying database privileges.
Organizations utilizing itsourcecode Electronic Judging System 1.0 should consider this an immediate threat. Given the public exploit and remote attack surface, the attacker’s calculus here is low-effort, high-reward. Defenders need to assume compromise if unpatched and prioritize mitigation.
What This Means For You
- If your organization uses itsourcecode Electronic Judging System 1.0, you are directly exposed to CVE-2026-7555. Prioritize patching or implementing compensating controls immediately. Audit logs for suspicious activity around `/intrams/login.php` and any database access from the application.
Related ATT&CK Techniques
🛡️ Detection Rules
2 rules · 6 SIEM formats2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-7555 - itsourcecode EJS Login SQL Injection
title: CVE-2026-7555 - itsourcecode EJS Login SQL Injection
id: scw-2026-05-01-ai-1
status: experimental
level: critical
description: |
Detects the specific SQL injection exploit targeting the Username parameter in the itsourcecode Electronic Judging System 1.0 login page (/intrams/login.php) as described in CVE-2026-7555. This rule looks for common SQL injection payloads within the URI query string when accessing the login script.
author: SCW Feed Engine (AI-generated)
date: 2026-05-01
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-7555/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/intrams/login.php'
cs-uri-query|contains:
- "Username=' OR '1'='1'"
- "Username=admin' OR '1'='1'"
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7555 | SQLi | itsourcecode Electronic Judging System 1.0 |
| CVE-2026-7555 | SQLi | Vulnerable file: /intrams/login.php |
| CVE-2026-7555 | SQLi | Vulnerable parameter: Username |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 01, 2026 at 09:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-7554 — A vulnerability was determined in D-Link M60 up to 1.20B02.
CVE-2026-7554 — A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This...
CVE-2026-6127 — Cross-Site Scripting (XSS)
CVE-2026-6127 — The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _elementor_data meta field in versions up to, and...
CVE-2024-13362 — Cross-Site Scripting (XSS)
CVE-2024-13362 — Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input...