CVE-2026-9584

7.3 HIGH

A security vulnerability has been detected in code-projects Project Management System 1.0

Published: 2026-05-26 · Last updated: 2026-05-27

Severity and scoring

CVSS: 7.3 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-74, CWE-89

Description

A security vulnerability has been detected in code-projects Project Management System 1.0. Affected is an unknown function of the file chk.php of the component Login. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-9584
[Other]https://code-projects.org/
[Other]https://github.com/MyMySSS/CVE123/blob/main/cve3/CVE_Submission.md
[Other]https://vuldb.com/submit/817933
[Other]https://vuldb.com/vuln/365640
[Other]https://vuldb.com/vuln/365640/cti

Related CVEs

Same CWE

CVE-2026-52715 — Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions (9.3 CRITICAL)
CVE-2026-52712 — Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions (7.6 HIGH)
CVE-2026-49772 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events C... (9.3 CRITICAL)
CVE-2026-39581 — Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions (8.5 HIGH)
CVE-2026-39574 — Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions (9.3 CRITICAL)