Description
A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file delete_photos.php of the component Endpoint. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Published: 2026-03-27
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: Remote SQL Injection
Action: Patch Now
AI Analysis

Impact

A flaw in the delete_photos.php endpoint of code-projects Social Networking Site 1.0 allows an attacker to manipulate the ID argument and inject arbitrary SQL. The vulnerability is an SQL injection (CWE‑74 and CWE‑89) that can be triggered remotely, potentially exposing, altering, or deleting data in the site’s database.

Affected Systems

The vulnerability affects the code-projects Social Networking Site, version 1.0, specifically the delete_photos.php endpoint. The exact function impacted is not detailed, but any request that supplies an ID parameter to this endpoint is at risk.

Risk and Exploitability

With a CVSS score of 5.3, the flaw qualifies as medium severity. EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog, but the exploit has been released publicly, indicating that attackers can deploy it without needing a bespoke tool. Because the attack vector is remote and relies only on crafted input, it does not require privileged access or local execution.

Generated by OpenCVE AI on March 27, 2026 at 19:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and apply any vendor-released security patch or upgrade to a newer version of the Social Networking Site.
  • If no patch is available, modify the delete_photos.php code to validate the ID parameter as a numeric value and use prepared statements to prevent SQL injection.
  • If the endpoint is not essential, consider disabling or removing delete_photos.php from the deployment.
  • Deploy a web application firewall or input filtering layer to detect and block suspicious SQL injection patterns.
  • Regularly monitor application logs for unusual query activity or authentication failures that may indicate exploitation attempts.

Generated by OpenCVE AI on March 27, 2026 at 19:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 18:45:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file delete_photos.php of the component Endpoint. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Title code-projects Social Networking Site Endpoint delete_photos.php sql injection
First Time appeared Code-projects
Code-projects social Networking Site
Weaknesses CWE-74
CWE-89
CPEs cpe:2.3:a:code-projects:social_networking_site:*:*:*:*:*:*:*:*
Vendors & Products Code-projects
Code-projects social Networking Site
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Code-projects Social Networking Site
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-27T18:24:14.173Z

Reserved: 2026-03-27T08:51:47.455Z

Link: CVE-2026-4970

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-27T19:16:44.617

Modified: 2026-03-27T19:16:44.617

Link: CVE-2026-4970

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T20:27:44Z

Weaknesses