Cyber Resilience

CVE-2026-7555

Medium

Published: 01 May 2026

Published
01 May 2026
Modified
01 May 2026
KEV Added
Patch
CVSS Score v4 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0004 13.5th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7555 is a medium-severity Injection (CWE-74) vulnerability in Itsourcecode (inferred from references). Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 13.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-7555 is a SQL injection vulnerability in itsourcecode Electronic Judging System 1.0, affecting an unknown part of the file /intrams/login.php through manipulation of the Username argument. Published on 2026-05-01T06:16:32.670, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and maps to CWEs 74 and 89.

The vulnerability enables remote exploitation by unauthenticated attackers with low attack complexity and no user interaction required. Successful exploitation can result in limited impacts to confidentiality, integrity, and availability.

Advisories and additional details are available via references including https://github.com/nidieaaa/test/issues/9, https://itsourcecode.com/, https://vuldb.com/submit/805852, https://vuldb.com/vuln/360363, and https://vuldb.com/vuln/360363/cti. The exploit is publicly available and might be used.

EU & UK References

Vulnerability details

A vulnerability was identified in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/login.php. Such manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit is publicly available…

more

and might be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The CVE describes a remote SQL injection vulnerability in a public-facing web application login page (/intrams/login.php), enabling unauthenticated exploitation with limited impacts, which directly maps to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-3150Shared CWE-74, CWE-89
CVE-2026-3746Shared CWE-74, CWE-89
CVE-2025-2683Shared CWE-74, CWE-89
CVE-2026-5238Shared CWE-74, CWE-89
CVE-2026-4288Shared CWE-74, CWE-89
CVE-2026-2220Shared CWE-74, CWE-89
CVE-2025-1535Shared CWE-74, CWE-89
CVE-2026-0597Shared CWE-74, CWE-89
CVE-2026-1688Shared CWE-74, CWE-89
CVE-2026-5018Shared CWE-74, CWE-89

Affected Assets

Itsourcecode
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents SQL injection by validating the Username input in /intrams/login.php against malicious SQL payloads.

prevent

Remediates the specific SQL injection flaw in itsourcecode Electronic Judging System 1.0 through timely patching.

detect

Vulnerability scanning detects the publicly disclosed SQL injection in login.php for prompt remediation.

References