Description
A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown function of the file /pages/content.php. This manipulation of the argument post_id causes SQL injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
Published: 2026-04-09
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: Remote SQL Injection
Action: Immediate Patch
AI Analysis

Impact

A remote SQL injection flaw exists in the handling of the post_id parameter within the content.php page of the Simple IT Discussion Forum. The missing input validation allows an attacker to inject arbitrary SQL statements. Successful exploitation can read, modify, or delete database contents, compromising confidentiality and integrity of forum data.

Affected Systems

The vulnerability affects code‑projects' Simple IT Discussion Forum version 1.0, which is distributed through the code-projects.org project site.

Risk and Exploitability

The problem carries a CVSS score of 6.9, indicating moderate severity, and has no EPSS score available. It is not listed in the CISA KEV catalog. The described exploitation path involves an attacker sending a crafted request to the content.php endpoint, manipulating the post_id parameter to execute arbitrary SQL commands over the network. Because the flaw permits SQL execution remotely, an attacker could potentially compromise the entire database if no additional defenses are in place.

Generated by OpenCVE AI on April 9, 2026 at 02:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑released patch to installations of Simple IT Discussion Forum 1.0 or later. If a patch is not yet available, upgrade to a newer release when one becomes available.
  • If upgrading is not immediately possible, restrict external access to the /pages/content.php URL or block the post_id parameter from untrusted traffic using firewall or web‑application‑filtering rules.
  • Implement server‑side input validation and replace dynamic SQL with prepared statements or parameterized queries in the affected code.



Advisories

No advisories yet.

History

Thu, 09 Apr 2026 08:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Code-projects; Code-projects simple It Discussion Forum
Vendors & Products | | Code-projects; Code-projects simple It Discussion Forum

Thu, 09 Apr 2026 01:30:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown function of the file /pages/content.php. This manipulation of the argument post_id causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
Title | | code-projects Simple IT Discussion Forum content.php sql injection
Weaknesses | | CWE-74; CWE-89
References | |
Metrics | | cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-09T01:15:13.784Z

Reserved: 2026-04-08T16:55:13.254Z

Link: CVE-2026-5829

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-09T02:16:17.727

Modified: 2026-04-09T02:16:17.727

Link: CVE-2026-5829

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-09T08:25:20Z

Weaknesses