Description
A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Manipulation of the argument cat leads to SQL injection. The attack can be launched remotely. The exploit is publicly available and might be used.
Published: 2026-04-13
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Patch
AI Analysis

Impact

The vulnerability resides in the cat parameter of the /catageory.php file in code-projects Lost and Found Thing Management 1.0. By manipulating this argument, an attacker can inject SQL code that is then executed against the application's database. The flaw is classified under CWE-74 and CWE-89 and allows the attacker to read, modify, or delete data stored in the database, compromising confidentiality and integrity.

Affected Systems

Only the code-projects Lost and Found Thing Management 1.0 application is listed as affected. No other vendors, versions or sub-components are mentioned in the available CNA data.

Risk and Exploitability

The CVSS base score of 6.9 indicates moderate severity. No EPSS data or KEV listing is available. The vulnerability can be exploited remotely through the /catageory.php endpoint, and public exploit code has been shared, so the risk remains significant for internet-exposed deployments.

Generated by OpenCVE AI on April 13, 2026 at 08:24 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Acquire and apply any vendor-released patch for code-projects Lost and Found Thing Management.



Advisories

No advisories yet.

History

Mon, 13 Apr 2026 13:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Code-projects; Code-projects lost And Found Thing Management
Vendors & Products | | Code-projects; Code-projects lost And Found Thing Management

Mon, 13 Apr 2026 06:15:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Title | | code-projects Lost and Found Thing Management catageory.php sql injection
Weaknesses | | CWE-74; CWE-89
References | |
Metrics | | cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-13T05:15:09.634Z

Reserved: 2026-04-12T20:43:24.179Z

Link: CVE-2026-6163

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-13T06:16:06.927

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-6163

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T12:52:50Z
