CVE-2026-2225
7.3 HIGH · Published 2026-02-09 · Modified 2026-02-09 · Undergoing Analysis
Quick Summary
A high-severity SQL injection vulnerability exists in the administrator login page of itsourcecode News Portal Project 1.0. Attackers can exploit it remotely by manipulating the email field to execute malicious database commands.
Who is affected
All deployments of News Portal Project 1.0 are affected. An attacker could gain unauthorized administrative access, steal sensitive data, or take control of the portal.
Recommended fix
Immediately apply any official patch from the vendor. If unavailable, implement strict input validation and parameterized queries for the /admin/index.php email parameter as a temporary mitigation.
Technical Description
A flaw has been found in itsourcecode News Portal Project 1.0. The vulnerability affects unknown code in the file /admin/index.php of the Administrator Login component. Manipulation of the argument email causes SQL injection. The attack can be initiated remotely. The exploit has been published and may be used.
CVSS Details
Attack Vector: NETWORK
Complexity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-89, CWE-74