EUVD-2026-14289
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4Description
A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument Benutzer results in SQL Injection. The attack can be executed remotely. The exploit is now public and may be used.
Analysis
SQL injection in projectworlds Online Notes Sharing System 1.0 allows unauthenticated remote attackers to manipulate the Benutzer parameter in /login.php, enabling unauthorized data access, modification, or denial of service. Public exploit code exists for this vulnerability, and no patch is currently available.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Disable public access to the /login.php endpoint and assess which systems are running the vulnerable version. Within 7 days: Deploy Web Application Firewall (WAF) rules to block SQL injection patterns in the 'Benutzer' parameter and implement network segmentation to restrict database access. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today