CVE-2026-4970

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions code-projects Social Networking Site version 1.0

Description A security flaw exists in code-projects Social Networking Site 1.0. The issue affects an unknown function within the delete photos.php file of the Endpoint component. Manipulation of the ID parameter can lead to SQL injection. The attack can be carried out remotely. The exploit has been publicly released.

Recommendations Apply a fix to address the SQL injection issue in the delete photos.php file. Restrict or disable access to the vulnerable function within the Endpoint component. Sanitize the ID parameter to prevent SQL injection attacks.

Exploit

Fix

SQL injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89CWE-74

Related Identifiers

CVE-2026-4970

Affected Products

Nero Social Networking Site

CVE-2026-4970

Weakness Enumeration

Related Identifiers

Affected Products

References · 9