CVE-2026-0546

HIGH

Code-projects Content Management System - Injection

Title source: rule

Description

A vulnerability was determined in code-projects Content Management System 1.0. This impacts an unknown function of the file search.php. This manipulation of the argument Value causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

References (5)

[Product] https://code-projects.org/

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/gtxy114514/CVE/issues/1

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.339338

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.339338

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.728924

Scores

CVSS v3 7.3

EPSS 0.0001

EPSS Percentile 1.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-74 CWE-89

Status published

Affected Products (1)

code-projects/content_management_system

Timeline

Published Jan 02, 2026

Tracked Since Feb 18, 2026