Description
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Published: 2026-04-09
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: SQL Injection
Action: Immediate Patch
AI Analysis

Impact

A vulnerability exists in the Simple IT Discussion Forum's question-function.php. The function accepts a user-supplied "content" argument that is used directly in a database query, allowing an attacker to inject arbitrary SQL. This flaw can be exploited remotely via the web interface and could enable unauthorized reading, modification, or deletion of forum data, as well as potential escalation to other database operations. The weakness is classified as CWE‑74 and CWE‑89.

Affected Systems

The affected product is code‑projects Simple IT Discussion Forum, version 1.0. Only this specific version is reported to contain the vulnerable function, and the issue resides in an unknown internal function within /question-function.php.

Risk and Exploitability

The CVSS 4.0 score is 6.9 (Medium); the CVSS 3.0 and 3.1 vectors score 7.3. The attack vector is network, with no privileges or user interaction required. EPSS is not available and the vulnerability is not listed in KEV, so it is not currently known to be widely exploited. However, an exploit has been publicly disclosed, so attackers could realistically use the flaw to compromise the database. Apply mitigations promptly to prevent data breaches or service disruption.

Generated by OpenCVE AI on April 9, 2026 at 02:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Simple IT Discussion Forum to a patched version that corrects the SQL injection in question-function.php, once one is available.
  • If no patch exists, rewrite the query that uses the 'content' parameter as a prepared statement (parameterized query) so the value is bound as data rather than concatenated into the SQL text.
  • Implement input validation to reject SQL meta-characters in the content field, as defense in depth alongside parameterized queries.
  • Deploy a Web Application Firewall rule targeting suspicious patterns on the question-function.php endpoint.
  • Monitor application logs for injection attempts and conduct periodic penetration testing.

Generated by OpenCVE AI on April 9, 2026 at 02:21 UTC.
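
The second recommended action, sketched as an added example (not code from the advisory or from the project, whose source is not shown here). The table, columns and function names are hypothetical, and an in-memory SQLite database via PDO stands in for the forum's database.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the forum database (in-memory SQLite via PDO).
// Table and column names are assumptions, not taken from the project.
function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE questions (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, content TEXT NOT NULL)');
    return $db;
}

// Weak pattern: the request value is concatenated into the SQL text.
function save_question_concat(PDO $db, int $userId, string $content): void
{
    $db->exec("INSERT INTO questions (user_id, content) VALUES ($userId, '$content')");
}

// Corrected pattern: the SQL text is fixed and the value is bound as data.
function save_question_bound(PDO $db, int $userId, string $content): void
{
    $stmt = $db->prepare('INSERT INTO questions (user_id, content) VALUES (:uid, :content)');
    $stmt->bindValue(':uid', $userId, PDO::PARAM_INT);
    $stmt->bindValue(':content', $content, PDO::PARAM_STR);
    $stmt->execute();
}

// Constructed sample: an ordinary forum post that happens to contain quotes.
$post = "Why doesn't WHERE name = 'bob' match any rows?";

$db = open_db();
try {
    save_question_concat($db, 1, $post);
    echo "concat: stored\n";
} catch (PDOException $e) {
    // The apostrophe ended the string literal early, so the rest of the
    // post was parsed as SQL and the statement failed.
    echo "concat: post changed the statement (", $e->getMessage(), ")\n";
}

save_question_bound($db, 1, $post);
$stored = $db->query('SELECT content FROM questions')->fetchColumn();
echo "bound: ", ($stored === $post ? "stored verbatim" : "altered"), "\n";
```

The sample post is ordinary forum content, which is why binding the value works where a filter that rejects quote characters would turn away legitimate questions.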


Advisories

No advisories yet.

History

Thu, 09 Apr 2026 08:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Code-projects; Code-projects simple It Discussion Forum
Vendors & Products | | Code-projects; Code-projects simple It Discussion Forum

Thu, 09 Apr 2026 01:00:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Title | | code-projects Simple IT Discussion Forum question-function.php sql injection
Weaknesses | | CWE-74; CWE-89
References | |
Metrics | | cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
Metrics | | cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
Metrics | | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
Metrics | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-09T00:45:10.818Z

Reserved: 2026-04-08T16:55:06.374Z

Link: CVE-2026-5827

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-09T01:16:50.380

Modified: 2026-04-09T01:16:50.380

Link: CVE-2026-5827

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-09T08:25:22Z
