CVE-2026-7555
Published: 01 May 2026
Summary
CVE-2026-7555 is a medium-severity Injection (CWE-74) vulnerability in Itsourcecode (inferred from references). Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 13.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-7555 is a SQL injection vulnerability in itsourcecode Electronic Judging System 1.0, affecting an unknown part of the file /intrams/login.php through manipulation of the Username argument. Published on 2026-05-01T06:16:32.670, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and maps to CWEs 74 and 89.
The vulnerability enables remote exploitation by unauthenticated attackers with low attack complexity and no user interaction required. Successful exploitation can result in limited impacts to confidentiality, integrity, and availability.
Advisories and additional details are available via references including https://github.com/nidieaaa/test/issues/9, https://itsourcecode.com/, https://vuldb.com/submit/805852, https://vuldb.com/vuln/360363, and https://vuldb.com/vuln/360363/cti. The exploit is publicly available and might be used.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-26481
Vulnerability details
A vulnerability was identified in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/login.php. Such manipulation of the argument Username leads to SQL injection. The attack can be launched remotely. The exploit is publicly available and might be used.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a remote SQL injection vulnerability in a public-facing web application login page (/intrams/login.php), enabling unauthenticated exploitation with limited impacts, which directly maps to T1190: Exploit Public-Facing Application.
Mitigating Controls (NIST 800-53 r5)
Directly prevents SQL injection by validating the Username input in /intrams/login.php against malicious SQL payloads.
Remediates the specific SQL injection flaw in itsourcecode Electronic Judging System 1.0 through timely patching.
Vulnerability scanning detects the publicly disclosed SQL injection in login.php for prompt remediation.