Description
A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in SQL injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
Published: 2026-04-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Apply Patch
AI Analysis

Impact

The vulnerability lies in an unknown function within the post.php file of Easy Blog Site 1.0, where manipulating the tags argument allows an attacker to inject arbitrary SQL statements. The flaw can be triggered remotely through the web interface, and an exploit has been publicly released, meaning an adversary can exploit it without special credentials. The resulting injection could reveal sensitive data, alter or delete database contents, and potentially compromise the integrity and confidentiality of the hosted content.

Affected Systems

All installations of the code-projects Easy Blog Site version 1.0 are affected, as the flaw originates in the core post.php script. The vulnerability is not limited to specific configurations and applies to any instance that accepts user‑supplied tags via HTTP requests.

Risk and Exploitability

The CVSS score of 5.3 places this at a medium risk level, and the EPSS score is not available, so the likelihood of exploitation cannot be quantified. It is not listed in the CISA KEV catalog. The flaw can be exploited remotely, so a penetration test or web proxy could be used to inject malicious tags into the URL or form data. The absence of a CNA‑issued patch or workaround means users must either update the application or mitigate the issue through code changes.

Generated by OpenCVE AI on April 13, 2026 at 20:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest patch or upgrade to a newer version of Easy Blog Site if the vendor releases one.
  • If a patch is unavailable, refactor the code to use prepared statements or parameterized queries for all database interactions involving the tags input.
  • Implement strict input validation and output encoding on the tags field to eliminate special characters that may alter SQL logic.
  • Enable logging of database errors and monitor web traffic for anomalous SQL injection patterns.


Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Code-projects; Code-projects easy Blog Site
Vendors & Products | | Code-projects; Code-projects easy Blog Site

Mon, 13 Apr 2026 21:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 13 Apr 2026 19:30:00 +0000

Type | Values Removed | Values Added
Description | | A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
Title | | code-projects Easy Blog Site post.php sql injection
Weaknesses | | CWE-74; CWE-89
References | |
Metrics | | cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-13T20:49:14.823Z

Reserved: 2026-04-13T08:51:20.077Z

Link: CVE-2026-6202

Vulnrichment

Updated: 2026-04-13T20:49:11.687Z

NVD

Status: Deferred

Published: 2026-04-13T20:16:47.523

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-6202

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:33:29Z
