CVE-2026-6182

HIGH

code-projects Simple Content Management System login.php sql injection

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-6182. PoCs published by Xmyronn.

AI-analyzed exploit summary This repository provides a functional SQL injection exploit for CVE-2026-6182, targeting the admin login page of Simple Content Management System PHP. The PoC demonstrates an authentication bypass via the 'user' parameter, allowing unauthenticated remote attackers to gain admin access.

Description

A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of the argument User leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.

Exploits (1)

nomisec WORKING POC

by Xmyronn · poc

https://github.com/Xmyronn/CVE-2026-6182-SQLI-auth

View Code ZIP pw:eip

This repository provides a functional SQL injection exploit for CVE-2026-6182, targeting the admin login page of Simple Content Management System PHP. The PoC demonstrates an authentication bypass via the 'user' parameter, allowing unauthenticated remote attackers to gain admin access.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Simple Content Management System PHP 1.0

No auth needed

Prerequisites: Access to the admin login page

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Apr 13, 2026 Full analysis →

References (5)

Core 5

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-357105 | code-projects Simple Content Management System login.php sql injection

https://vuldb.com/vuln/357105

Signature, Permissions Required signature permissions-required

VDB-357105 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/357105/cti

Third Party Advisory third-party-advisory

Submit #797263 | code-projects.org Simple Content Management System In PHP 1.0 SQL Injection

https://vuldb.com/submit/797263

Exploit exploit

https://github.com/Xmyronn/simple-cms-sqli-login-bypass-CVE-HUNT-

Product product

https://code-projects.org/

Scores

CVSS v3 7.3

EPSS 0.0031

EPSS Percentile 22.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-74 CWE-89

Status published

Products (1)

code-projects/Simple Content Management System 1.0

Published Apr 13, 2026

Tracked Since Apr 13, 2026