EUVD-2026-21328
GHSA-v7f2-qghm-mg3r
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Analysis
SQL injection in code-projects Simple IT Discussion Forum 1.0 allows unauthenticated remote attackers to execute arbitrary SQL commands via the Category parameter in /add-category-function.php. Attackers can read, modify, or delete database contents without authentication. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running Simple IT Discussion Forum 1.0 and isolate affected instances from production networks or disable the /add-category-function.php endpoint via web application firewall rules. Within 7 days: Contact the vendor for patch availability and timeline; if unavailable, implement input validation and prepared statements for the Category parameter, or migrate to a patched alternative discussion forum platform. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today