CVE-2026-6182

HIGH

code-projects Simple Content Management System login.php sql injection

Title source: cna

Description

A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of the argument User leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.

Exploits (1)

nomisec WORKING POC

by Xmyronn · poc

https://github.com/Xmyronn/CVE-2026-6182-SQLI-auth

View Code ZIP pw:eip

References (5)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/357105

[Signature, Permissions Required] https://vuldb.com/vuln/357105/cti

[Third Party Advisory] https://vuldb.com/submit/797263

[Exploit] https://github.com/Xmyronn/simple-cms-sqli-login-bypass-CVE-HUNT-

[Product] https://code-projects.org/

Scores

CVSS v3 7.3

EPSS 0.0004

EPSS Percentile 11.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-74 CWE-89

Status published

Products (1)

code-projects/Simple Content Management System 1.0

Published Apr 13, 2026

Tracked Since Apr 13, 2026