Description
A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
Published: 2026-04-27
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unrestricted SQL Injection via Login
Action: Apply Patch
AI Analysis

Impact

The Vulnerability occurs in the login component of code‑projects Inventory Management System 1.0. By sending a specially crafted Username argument, an attacker can inject arbitrary SQL statements into the underlying query. This leads to unauthorized data access, database alteration, or deletion, compromising confidentiality, integrity, and availability of the underlying data store.

Affected Systems

code-projects Inventory Management System version 1.0, specifically the Login module in unknown function. No other versions are listed, so the attack is limited to this exact release.

Risk and Exploitability

The vulnerability has a CVSS score of 6.9, indicating a moderate severity level. The EPSS score is less than 1%, meaning the likelihood of exploitation in the wild is low. It is not listed in the CISA KEV catalog. The exploit is remote, accessible by any networked user with the ability to request the login page, and an active exploit is publicly available.

Generated by OpenCVE AI on April 28, 2026 at 04:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Inventory Management System to the vendor’s latest release that includes the fix for the login SQL injection or apply the official patch if available.
  • Ensure that the login endpoint performs strict input validation, rejecting any characters that could form part of SQL control flow, and use prepared statements or parameterized queries when constructing database queries.
  • Deploy a Web Application Firewall or intrusion detection rules that detect and block typical SQL injection payloads targeting the login page; regularly scan for new exploits.

Generated by OpenCVE AI on April 28, 2026 at 04:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 27 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
Title code-projects Inventory Management System Login sql injection
First Time appeared Code-projects
Code-projects inventory Management System
Weaknesses CWE-74
CWE-89
CPEs cpe:2.3:a:code-projects:inventory_management_system:*:*:*:*:*:*:*:*
Vendors & Products Code-projects
Code-projects inventory Management System
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Code-projects Inventory Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-27T13:24:25.659Z

Reserved: 2026-04-26T07:43:39.744Z

Link: CVE-2026-7070

cve-icon Vulnrichment

Updated: 2026-04-27T13:24:20.328Z

cve-icon NVD

Status : Deferred

Published: 2026-04-27T01:16:15.350

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-7070

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T05:00:14Z

Weaknesses