CVE-2026-0699

Опубликовано: 08 янв. 2026

Источник: nvd

CVSS3: 4.7

CVSS3: 7.2

CVSS2: 5.8

EPSS Низкий

Описание

A vulnerability was found in code-projects Intern Membership Management System 1.0. This impacts an unknown function of the file /intern/admin/edit_activity.php. Performing a manipulation of the argument activity_id results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

Ссылки

https://code-projects.org/
Product
https://github.com/xkalami-Tta0/CVE/blob/main/Intern%20Membership%20Management%20System/Intern%20Membership%20Management%20System%20activity.php%20sql%20injection.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.339976
Permissions Required
VDB Entry
https://vuldb.com/?id.339976
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.733000
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:carmelo:intern_membership_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 7%

0.00027

Низкий

4.7 Medium

CVSS3

7.2 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-74

CWE-89

Связанные уязвимости

GHSA-wfh3-rv4c-xphx

CVSS3: 4.7

github

около 1 месяца назад

EPSS

Процентиль: 7%

0.00027

Низкий

4.7 Medium

CVSS3

7.2 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-74

CWE-89