CVE-2026-7229

MEDIUM

code-projects Coaching Management System POST reply.php sql injection

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-7229. PoCs published by Xmyronn.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of an authenticated SQL injection vulnerability (CVE-2026-7229) in the Coaching Management System in PHP. It includes vulnerability details, proof-of-concept steps, and screenshots demonstrating the exploitation process.

Description

A vulnerability was found in code-projects Coaching Management System 1.0. It affects an unknown function of the file /cims/modules/admin/reply.php in the POST handler component. Manipulating the complaintreply argument results in SQL injection. The attack can be initiated remotely. The exploit has been made public and could be used.

Exploits (1)

github WRITEUP
by Xmyronn · poc
https://github.com/Xmyronn/CVE-2026-7229-SQLI

Classification: Writeup 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Coaching Management System in PHP (latest version as of April 2026)
Auth required
Prerequisites: Admin authentication · Access to the admin reply functionality
devstral-2 · analyzed May 01, 2026

References (5)

Core References
Product
https://code-projects.org/
VDB Entry, Technical Description
VDB-359830 | code-projects Coaching Management System POST reply.php sql injection
https://vuldb.com/vuln/359830
Signature, Permissions Required
VDB-359830 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/359830/cti
Third Party Advisory
Submit #802414 | code-projects Coaching Management System in PHP unknown (latest version as of April 2026) SQL Injection
https://vuldb.com/submit/802414

Scores

CVSS v3 6.3
EPSS 0.0023
EPSS Percentile 13.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-74 CWE-89
Status published
Products (1)
code-projects/Coaching Management System 1.0
Published Apr 28, 2026
Tracked Since Apr 28, 2026