Description
A vulnerability was determined in itsourcecode News Portal Project 1.0. This affects an unknown part of the file /admin/aboutus.php. Manipulation of the argument pagetitle causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Published: 2026-02-08
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection leading to database compromise
Action: Patch Now
AI Analysis

Impact

A flaw in the aboutus.php script of itsourcecode News Portal Project 1.0 allows an attacker to manipulate the pagetitle argument, resulting in a SQL injection that can read, modify, or delete data from the underlying database. The weakness stems from insufficient input validation and the use of raw SQL statements, as indicated by the presence of CWE-74 and CWE-89 identifiers. If exploited, an adversary could gain unauthorized access to sensitive information stored in the portal's database, potentially impacting confidentiality and integrity. The severity is reflected in a CVSS score of 5.1, representing a moderate risk when considered alongside other factors.

Affected Systems

The vulnerability is specific to the itsourcecode News Portal Project, version 1.0. The affected file is /admin/aboutus.php, which is part of the administrator interface. No other vendor or product versions are listed as impacted.

Risk and Exploitability

Exploitation is possible remotely, and publicly disclosed references indicate that attackers can trigger the injection from an external network. The EPSS score is less than 1%, suggesting a low likelihood of widespread exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. However, the path to exploitation remains straightforward: a remote user can supply a crafted pagetitle query parameter, causing the database to execute unintended SQL commands. The CVSS vectors recorded for this entry specify PR:H (Au:M in CVSS 2.0), so the attacker needs authenticated, high-privilege access to the application. Given the moderate CVSS score and the potential for data breach, organizations using this product should treat the issue as a moderate but actionable risk.

Generated by OpenCVE AI on April 18, 2026 at 13:13 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Verify whether a newer version of the News Portal Project is available and upgrade if a patch that addresses the SQL injection exists.
  • Restrict or temporarily disable remote access to /admin/aboutus.php until a fix is applied.
  • Modify the application code to validate the pagetitle input using a whitelist or to employ parameterized queries so that user-supplied data cannot alter SQL structure.
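
One way to apply the last recommendation, as an added example that is not the project's code and not part of the advisory: an allow-list check on pagetitle followed by a mysqli prepared statement. The table, column, form-field, database and credential names are assumptions, since the advisory does not show the affected query.

```php
<?php
declare(strict_types=1);

// Allow-list: letters, digits, spaces and basic punctuation, 1 to 150 chars.
function validate_page_title(string $raw): ?string
{
    $title = trim($raw);
    if (preg_match('/\A[\p{L}\p{N} .,:;!?()&\'-]{1,150}\z/u', $title) !== 1) {
        return null; // reject outright instead of trying to "clean" the value
    }
    return $title;
}

// Hypothetical schema: pages_example(page_name, page_title, description).
function update_about_page(mysqli $db, string $title, string $body): bool
{
    // Placeholders keep user data out of the SQL text, so the statement's
    // structure is fixed before any request value is bound.
    $stmt = $db->prepare(
        'UPDATE pages_example SET page_title = ?, description = ? WHERE page_name = ?'
    );
    $name = 'aboutus';
    $stmt->bind_param('sss', $title, $body, $name);
    $stmt->execute();
    $ok = $stmt->affected_rows >= 0;
    $stmt->close();
    return $ok;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Assumed form fields: pagetitle (named in the advisory), pagedescription.
    $rawTitle = $_POST['pagetitle'] ?? null;
    $rawBody  = $_POST['pagedescription'] ?? '';
    $title = is_string($rawTitle) ? validate_page_title($rawTitle) : null;
    if ($title === null || !is_string($rawBody)) {
        http_response_code(400);
        exit('Invalid input');
    }

    // Make mysqli throw on errors rather than failing silently.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    // Placeholder connection settings; use a least-privilege DB account.
    $db = new mysqli('localhost', 'portal_app', getenv('PORTAL_DB_PASS') ?: '', 'newsportal_example');
    $db->set_charset('utf8mb4');
    update_about_page($db, $title, $rawBody);
}
```

The prepared statement is what prevents the injection; the allow-list is a second layer that rejects unexpected input before it reaches the database.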

Advisories

No advisories yet.

History

Tue, 10 Feb 2026 14:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Clive 21; Clive 21 news Portal Project |
| CPEs | | `cpe:2.3:a:clive_21:news_portal_project:1.0:*:*:*:*:*:*:*` |
| Vendors & Products | | Clive 21; Clive 21 news Portal Project |

Mon, 09 Feb 2026 22:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |


Mon, 09 Feb 2026 11:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Itsourcecode; Itsourcecode news Portal Project |
| Vendors & Products | | Itsourcecode; Itsourcecode news Portal Project |

Sun, 08 Feb 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability was determined in itsourcecode News Portal Project 1.0. This affects an unknown part of the file /admin/aboutus.php. This manipulation of the argument pagetitle causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. |
| Title | | itsourcecode News Portal Project aboutus.php sql injection |
| Weaknesses | | CWE-74; CWE-89 |
| References | | |
| Metrics | | cvssV2_0: `{'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` |
| | | cvssV3_0: `{'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` |
| | | cvssV3_1: `{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` |
| | | cvssV4_0: `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}` |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:44:14.635Z

Reserved: 2026-02-07T09:03:07.530Z

Link: CVE-2026-2162

Vulnrichment

Updated: 2026-02-09T21:15:06.958Z

NVD

Status: Analyzed

Published: 2026-02-08T16:15:51.557

Modified: 2026-02-10T13:52:04.860

Link: CVE-2026-2162

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T13:15:25Z

Weaknesses