CVE-2026-2083
7.3 HIGHPublished 2026-02-07 · Modified 2026-02-09 · Awaiting Analysis
Quick Summary
A critical SQL injection vulnerability exists in the Social Networking Site 1.0 software, specifically in the post deletion feature. Attackers can remotely manipulate database queries, which is a severe flaw because the exploit code is publicly available.
Who is affected
All users running code-projects Social Networking Site 1.0 are affected. An attacker could steal, modify, or delete sensitive user data from the website's database.
Recommended fix
Immediately apply any official patch from the vendor. If none is available, sanitize and parameterize all user input, especially the 'ID' parameter in the /delete_post.php file, or restrict direct access to the file.
Technical Description
A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file /delete_post.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
CVSS Details
Attack Vector
NETWORK
Complexity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE
CWE-89, CWE-74