PT-2026-28695 · Code Projects · Nero Social Networking Site

Ahmadmarzook

Publicado

2026-03-27

Atualizado

2026-03-28

CVE-2026-4970

CVSS v2.0

6.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions code-projects Social Networking Site version 1.0

Description A security flaw exists in code-projects Social Networking Site 1.0. The issue affects an unknown function within the delete photos.php file of the Endpoint component. Manipulation of the ID parameter can lead to SQL injection. The attack can be carried out remotely. The exploit has been publicly released.

Recommendations Apply a fix to address the SQL injection issue in the delete photos.php file. Restrict or disable access to the vulnerable function within the Endpoint component. Sanitize the ID parameter to prevent SQL injection attacks.

Exploit

Correção

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2026-4970

Produtos afetados

Nero Social Networking Site

PT-2026-28695 · Code Projects · Nero Social Networking Site

CVE-2026-4970

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9