EUVD-2026-21224
GHSA-374q-fqxh-29v6
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument user_Id results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
Analysis
SQL injection in code-projects Simple IT Discussion Forum 1.0 via /crud.php allows unauthenticated remote attackers to extract, modify, or delete database content through the user_Id parameter. The vulnerability permits unauthorized data access and integrity compromise with publicly available exploit code. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all instances of Simple IT Discussion Forum 1.0 in production and take affected systems offline or restrict network access to /crud.php via firewall rules. Within 7 days: Contact the vendor for patch timeline and evaluate alternative forum solutions for migration. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today