Simple Content Management System
Monthly
SQL injection in code-projects Simple Content Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /web/index.php and execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. Publicly available exploit code exists and the vulnerability carries a CVSS 6.9 score reflecting moderate confidentiality, integrity, and availability impact across the network-accessible endpoint.
SQL injection in code-projects Simple Content Management System 1.0 allows unauthenticated remote attackers to manipulate the User parameter in /web/admin/login.php, enabling database query manipulation with low confidentiality, integrity, and availability impact. Publicly available exploit code exists, increasing real-world attack likelihood despite the moderate CVSS score of 6.9.
SQL injection in code-projects Simple Content Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /web/index.php and execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. Publicly available exploit code exists and the vulnerability carries a CVSS 6.9 score reflecting moderate confidentiality, integrity, and availability impact across the network-accessible endpoint.
SQL injection in code-projects Simple Content Management System 1.0 allows unauthenticated remote attackers to manipulate the User parameter in /web/admin/login.php, enabling database query manipulation with low confidentiality, integrity, and availability impact. Publicly available exploit code exists, increasing real-world attack likelihood despite the moderate CVSS score of 6.9.