Which versions of Project Management System are affected by CVE-2026-9584?

SQL injection in code-projects Project Management System 1.0 allows unauthenticated attackers to bypass authentication controls and access sensitive project data through the login handler.

Is there a public PoC exploit available for CVE-2026-9584?

Yes, a public proof-of-concept exploit is available for CVE-2026-9584. Prioritise patching immediately. EPSS: 0.0%.

Project Management System CVE-2026-9584

Q: What is the CVSS score of CVE-2026-9584?

CVE-2026-9584 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-32004 MEDIUM

SQL Injection (CWE-89)

2026-05-26 VulDB

PHP SQLi

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

May 26, 2026 - 22:22 NVD

HIGH MEDIUM

CVSS changed

May 26, 2026 - 22:22 NVD

7.3 (HIGH) 5.5 (MEDIUM)

Analysis Generated

May 26, 2026 - 22:12 vuln.today

DescriptionNVD

A security vulnerability has been detected in code-projects Project Management System 1.0. Affected is an unknown function of the file chk.php of the component Login. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

AnalysisAI

SQL injection in code-projects Project Management System 1.0 allows remote unauthenticated attackers to manipulate database queries through the login handler (chk.php). The flaw stems from unsanitized input being passed into a SQL statement, enabling authentication-context query tampering and data disclosure. …

RemediationAI

Within 24 hours: Remove code-projects 1.0 from production or isolate it behind network access controls restricted to internal staff; deploy Web Application Firewall (WAF) rules to block SQL injection patterns in the login endpoint (chk.php). Within 7 days: Enable rate limiting and account lockout policies on authentication attempts; configure audit logging for all database access attempts; scan application logs for exploitation signatures. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-9584 vulnerability details – vuln.today

Back

Project Management System CVE-2026-9584

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Project Management System CVE-2026-9584

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code