Skip to main content

SourceCodester Comment System EUVD-2026-28488

| CVE-2026-8126 MEDIUM
SQL Injection (CWE-89)
2026-05-08 VulDB GHSA-rw2q-pc53-f59p
PHP SQLi
5.5
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
May 08, 2026 - 03:30 vuln.today
Severity Changed
May 08, 2026 - 03:22 NVD
HIGH MEDIUM
CVSS changed
May 08, 2026 - 03:22 NVD
7.3 (HIGH) 5.5 (MEDIUM)
CVE Published
May 08, 2026 - 01:45 nvd
MEDIUM 5.5

DescriptionNVD

A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file post_comment.php. This manipulation of the argument Name causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.

AnalysisAI

SQL injection in SourceCodester Comment System 1.0 allows remote unauthenticated attackers to manipulate the Name argument in post_comment.php, enabling arbitrary SQL query execution with low confidentiality and integrity impact. Publicly available exploit code exists and the attack requires no special user interaction or authentication, making it accessible to any network-connected attacker.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-28488 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy