CVE-2026-4970

MEDIUM

code-projects Social Networking Site Endpoint delete_photos.php sql injection

Title source: cna

Description

A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file delete_photos.php of the component Endpoint. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

References (5)

Core 5

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-353857 | code-projects Social Networking Site Endpoint delete_photos.php sql injection

https://vuldb.com/?id.353857

Signature, Permissions Required signature permissions-required

VDB-353857 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/?ctiid.353857

Third Party Advisory third-party-advisory

Submit #777870 | code-projects Social Networking Site in PHP 1.0 SQL Injection

https://vuldb.com/?submit.777870

Exploit exploit

https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/SQL%20Injection%20in%20Social%20Networking%20Site%20v1.0%20delete_photos.php.md

View Exploit ZIP pw:eip

Product product

https://code-projects.org/

Scores

CVSS v3 6.3

EPSS 0.0019

EPSS Percentile 9.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-74 CWE-89

Status published

Products (1)

code-projects/Social Networking Site 1.0

Published Mar 27, 2026

Tracked Since Mar 29, 2026