Description
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Manipulation of the argument Category leads to SQL injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Published: 2026-04-10
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL Injection
Action: Immediate Patch
AI Analysis

Impact

Simple IT Discussion Forum v1.0 contains a remote SQL injection flaw in the add-category-function.php script. An attacker can manipulate the Category parameter to inject arbitrary SQL commands, allowing unauthorized access to or modification of the database. The missing input validation produces a classic SQL injection weakness (CWE‑74/CWE‑89). The impact includes potential data theft, tampering, or loss, undermining the confidentiality, integrity, and availability of the forum’s data.

Affected Systems

The affected product is Simple IT Discussion Forum from code-projects, specifically version 1.0. The vulnerability is in the add-category-function.php file, which is used to create forum categories.

Risk and Exploitability

The severity of the flaw is classified as Medium (CVSS 6.9). EPSS data is not available, and the flaw is not listed in the CISA Known Exploited Vulnerabilities catalog, yet the vulnerability is publicly disclosed and exploitable over the network. The likely attack vector is a remote HTTP request that supplies a maliciously crafted Category value to the script. Without mitigating controls, an attacker can inject SQL and compromise the underlying database.

Generated by OpenCVE AI on April 10, 2026 at 08:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched version of Simple IT Discussion Forum if available.
  • Modify add-category-function.php to validate or sanitize the Category input or use parameterized queries.
  • Deploy a web application firewall that detects and blocks SQL injection attempts.
  • Monitor application logs for suspicious SQL activity.


Advisories

No advisories yet.

History

Fri, 10 Apr 2026 12:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Fri, 10 Apr 2026 09:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Code-projects; Code-projects simple It Discussion Forum |
| Vendors & Products | | Code-projects; Code-projects simple It Discussion Forum |

Fri, 10 Apr 2026 07:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. |
| Title | | code-projects Simple IT Discussion Forum add-category-function.php sql injection |
| Weaknesses | | CWE-74; CWE-89 |
| References | | |
| Metrics | | cvssV2_0 {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}; cvssV3_0 {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}; cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}; cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-10T11:48:27.122Z

Reserved: 2026-04-09T16:07:55.663Z

Link: CVE-2026-6031

Vulnrichment

Updated: 2026-04-10T11:48:21.305Z

NVD

Status: Received

Published: 2026-04-10T08:16:26.253

Modified: 2026-04-10T08:16:26.253

Link: CVE-2026-6031

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:26:30Z

Weaknesses