EUVD-2026-20821CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /functions/addcomment.php. The manipulation of the argument postid results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.
Analysis
SQL injection in Simple IT Discussion Forum 1.0 allows unauthenticated remote attackers to extract, modify, or delete database records via crafted postid parameter in /functions/addcomment.php. Publicly available exploit code exists. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all instances of Simple IT Discussion Forum 1.0 in your environment and take the affected application offline or restrict network access to /functions/addcomment.php. Within 7 days: Implement Web Application Firewall (WAF) rules to block SQL injection patterns targeting the postid parameter, and deploy intrusion detection signatures for this CVE. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today