EUVD-2026-20819
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Analysis
SQL injection in Simple IT Discussion Forum 1.0 allows unauthenticated remote attackers to execute arbitrary SQL commands via the 'content' parameter in /question-function.php, enabling unauthorized database access, data exfiltration, and potential manipulation of stored records. Publicly available exploit code exists. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all instances of Simple IT Discussion Forum 1.0 in production and development environments; take affected systems offline or restrict network access pending remediation. Within 7 days: Contact the vendor for patch availability and timeline; if no patch emerges, implement a Web Application Firewall (WAF) rule to block requests containing SQL injection patterns to the /question-function.php 'content' parameter and disable the vulnerable endpoint if operationally feasible. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today