CVE-2026-2174
7.3 HIGH · Published 2026-02-08 · Modified 2026-02-09 · Undergoing Analysis
Quick Summary
A vulnerability in the Contact Management System 1.0 allows attackers to bypass authentication on a critical data management endpoint by manipulating an ID parameter. This matters because it lets unauthorized users access or modify contact data without a password.
Who is affected
All deployments of code-projects Contact Management System 1.0 are affected. A remote attacker could create, read, update, or delete contact information in the system.
Recommended fix
Apply any official patch from the vendor immediately. If no patch is available, restrict network access to the system and consider replacing it with a supported, secure version.
Technical Description
A security flaw has been discovered in code-projects Contact Management System 1.0. This affects an unknown part of the component CRUD Endpoint. The manipulation of the argument ID results in improper authentication. The attack may be launched remotely.
CVSS Details
Attack Vector: NETWORK
Complexity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-287