CVE-2026-3135
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3Tags
Description
A weakness has been identified in itsourcecode News Portal Project 1.0. The impacted element is an unknown function of the file /admin/add-category.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
Analysis
SQL injection in itsourcecode News Portal Project 1.0 via the Category parameter in /admin/add-category.php allows unauthenticated remote attackers to manipulate database queries. Public exploit code is available for this vulnerability, and no patch has been released, leaving affected installations vulnerable to data exfiltration, modification, or deletion. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Immediately restrict network access to /admin/add-category.php using firewall rules or WAF policies; audit access logs for suspicious activity. Within 7 days: Evaluate feasibility of upgrading to a patched version or migrating to alternative content management solutions; conduct full administrative account audit and reset credentials. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today