Which versions of Feedback System are affected by CVE-2026-8098?

CVE-2026-8098 is a critical authentication bypass in code-projects Feedback System 1.0 that allows unauthenticated attackers to gain administrative access through SQL injection in the login panel.

Is there a public PoC exploit available for CVE-2026-8098?

Yes, a public proof-of-concept exploit is available for CVE-2026-8098. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-8098?

Within 24 hours: Identify all instances of code-projects Feedback System 1.0 in your environment and take them offline or place behind network access controls (IP whitelist/VPN). Document inventory with hostnames and IP addresses. Within 7 days: Contact vendor for security guidance and confirm no vendor-released patch exists; evaluate alternative feedback systems or request timeline for patch availability. Within 30 days: Plan migration to patched version or replacement product; implement Web Application Firewall (WAF) rules to block SQL injection patterns in email parameters if immediate replacement is not feasible.

Feedback System CVE-2026-8098

Q: What is the CVSS score of CVE-2026-8098?

CVE-2026-8098 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-28444 MEDIUM

SQL Injection (CWE-89)

2026-05-07 VulDB

GHSA-g323-63gp-7v74

PHP SQLi

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

May 07, 2026 - 21:22 NVD

HIGH MEDIUM

CVSS changed

May 07, 2026 - 21:22 NVD

7.3 (HIGH) 5.5 (MEDIUM)

Analysis Generated

May 07, 2026 - 21:16 vuln.today

CVE Published

May 07, 2026 - 20:30 nvd

HIGH 7.3

DescriptionNVD

A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

AnalysisAI

SQL injection in code-projects Feedback System 1.0 admin login panel allows remote unauthenticated attackers to bypass authentication and access administrative functions via crafted email parameter. Publicly available proof-of-concept exploit code exists on GitHub. …

RemediationAI

Within 24 hours: Identify all instances of code-projects Feedback System 1.0 in your environment and take them offline or place behind network access controls (IP whitelist/VPN). Document inventory with hostnames and IP addresses. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-8098 vulnerability details – vuln.today

Back

Feedback System CVE-2026-8098

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Feedback System CVE-2026-8098

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code