Skip to main content

Contact Management System CVE-2026-2176

MEDIUM
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2026-02-08 cna@vuldb.com
6.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 08, 2026 - 19:16 nvd
MEDIUM 6.3

DescriptionCVE.org

A security vulnerability has been detected in code-projects Contact Management System 1.0. This issue affects some unknown processing of the file index.py. Such manipulation of the argument selecteditem[0] leads to sql injection. The attack can be executed remotely.

AnalysisAI

SQL injection in code-projects Contact Management System 1.0 allows authenticated remote attackers to manipulate the selecteditem[0] parameter in index.py and execute arbitrary SQL queries. The vulnerability requires valid user credentials but enables data exfiltration, modification, and potential system compromise. No patch is currently available.

Technical ContextAI

Affects Contact Management System. A security vulnerability has been detected in code-projects Contact Management System 1.0. This issue affects some unknown processing of the file index.py. Such manipulation of the argument selecteditem[0] leads to sql injection. The attack can be executed remotely.

RemediationAI

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.

Share

CVE-2026-2176 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy