Description
A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.php. Executing a manipulation of the argument del can lead to SQL injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
Published: 2026-01-02
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Immediate Patch
AI Analysis

Impact

The vulnerability resides in the delete.php handler of code-projects Content Management System, where an attacker can manipulate the del parameter to inject arbitrary SQL code. This flaw is a classic SQL injection, classified as CWE-74 (Improper Parsing of Input) and CWE-89 (SQL Injection). When exploited, it lets the attacker read, modify, or delete data in the database, potentially compromising the confidentiality, integrity, and availability of the application's information. The issue permits remote exploitation, meaning an attacker does not need local access to the host machine.

Affected Systems

The affected product is code‑projects Content Management System, version 1.0, as identified by the vendor and CPE entries. No additional compatible versions are listed in the available data.

Risk and Exploitability

The CVSS base score of 6.9 indicates moderate severity, and the EPSS score of less than 1% shows a very low probability of widespread exploitation at present. The vulnerability is not listed in CISA's KEV catalog, suggesting no known active exploits at the time of this analysis. An attacker can exploit the flaw remotely by sending a specially crafted request to /admin/delete.php in which the del parameter carries SQL that is then executed directly against the back-end database.

Generated by OpenCVE AI on April 18, 2026 at 08:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Content Management System to the latest patched release if one is available.
  • Modify delete.php to use parameterized SQL queries or prepared statements, ensuring the del argument is safely escaped or bound.
  • Implement access controls so that only authenticated administrators can reach /admin/delete.php, and consider rate limiting or IP whitelisting for additional protection.
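The second and third recommended actions combined in one handler, as an added example; this is not code from the affected project, whose delete.php source is not shown on this page. The table `posts`, column `id`, session key `is_admin` and the function name `handle_delete` are hypothetical, and the demo rows are constructed in an in-memory SQLite database so the block runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout: table `posts`, column `id`, session key
// `is_admin`. The real schema of the affected CMS is not given on this page.

function handle_delete(PDO $db, array $session, array $query): int
{
    // Access control: only an authenticated administrator may delete.
    if (empty($session['is_admin'])) {
        return 403;
    }

    // Strict validation: `del` must be a positive integer, nothing else.
    $id = filter_var($query['del'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 400;
    }

    // Parameter binding: the value is sent separately from the SQL text,
    // so it cannot change the structure of the statement.
    $stmt = $db->prepare('DELETE FROM posts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->rowCount() === 1 ? 200 : 404;
}

// Constructed demo data; an in-memory database stands in for the CMS back end.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO posts (title) VALUES ('a'), ('b'), ('c')");

$admin = ['is_admin' => true];
$cases = [
    [[], ['del' => '1']],              // no admin session
    [$admin, ['del' => '2 OR 1=1']],   // constructed non-integer value
    [$admin, ['del' => '2']],          // existing row
    [$admin, ['del' => '2']],          // same row again, already deleted
];
foreach ($cases as [$session, $query]) {
    echo handle_delete($db, $session, $query), "\n";
}
echo $db->query('SELECT COUNT(*) FROM posts')->fetchColumn(), "\n"; // rows left
```

Validation and binding are independent layers: the integer check rejects malformed input early, while the bound parameter keeps the query safe even if the validation rule is later loosened.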


Advisories

No advisories yet.

History

Mon, 23 Feb 2026 08:30:00 +0000

Type Values Removed Values Added
Description
  Removed: A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.php. Executing manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
  Added: A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.php. Executing a manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
CPEs cpe:2.3:a:code-projects:content_management_system:*:*:*:*:*:*:*:*

Tue, 13 Jan 2026 22:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:code-projects:content_management_system:1.0:*:*:*:*:*:*:*

Tue, 06 Jan 2026 00:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 05 Jan 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Code-projects
Code-projects content Management System
Vendors & Products Code-projects
Code-projects content Management System

Fri, 02 Jan 2026 14:15:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.php. Executing manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
Title code-projects Content Management System delete.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T08:09:29.079Z

Reserved: 2026-01-02T07:52:02.128Z

Link: CVE-2026-0565

Vulnrichment

Updated: 2026-01-05T20:45:30.599Z

NVD

Status: Modified

Published: 2026-01-02T14:15:52.880

Modified: 2026-02-23T09:16:30.970

Link: CVE-2026-0565

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T08:45:41Z

Weaknesses