Description
A security vulnerability has been detected in code-projects Easy Blog Site 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
Published: 2026-04-06
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection via login credentials
Action: Immediate Patch
AI Analysis

Impact

A vulnerability in the login.php component of Easy Blog Site 1.0 allows an attacker to manipulate the username and password parameters, leading to SQL injection. This weakness can enable the execution of arbitrary SQL code, potentially granting unauthorized access to the application’s database and exposing sensitive user data. The exploit is publicly disclosed and can be triggered remotely, increasing the attack surface.

Affected Systems

The affected product is Easy Blog Site version 1.0 from code-projects. No other product or version information is specified in the CVE data.

Risk and Exploitability

With a CVSS score of 6.9, the vulnerability is considered moderate to high risk. No EPSS score or KEV listing is available, but the public disclosure and remote attack vector suggest that exploitation is plausible. An attacker could log in as any user or extract data by injecting malicious SQL through the username or password field.

Generated by OpenCVE AI on April 6, 2026 at 14:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available vendor patch for Easy Blog Site 1.0. If no patch exists, update login.php to use parameterized queries or properly escape user input. Consider implementing a web application firewall to detect and block suspicious SQL injection payloads. Monitor authentication logs for repeated failed login attempts and unusual query patterns to detect potential exploitation attempts.

Generated by OpenCVE AI on April 6, 2026 at 14:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Code-projects
Code-projects eblog Site
Vendors & Products Code-projects
Code-projects eblog Site

Mon, 06 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 06 Apr 2026 11:45:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in code-projects Easy Blog Site 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
Title code-projects Easy Blog Site login.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Code-projects Eblog Site
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-06T14:49:16.786Z

Reserved: 2026-04-05T20:41:03.928Z

Link: CVE-2026-5646

cve-icon Vulnrichment

Updated: 2026-04-06T14:46:27.837Z

cve-icon NVD

Status : Deferred

Published: 2026-04-06T11:17:03.370

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-5646

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-06T21:32:54Z

Weaknesses