CVE-2026-0565 MEDIUM

CVE-2026-0565: code-projects Content Management System delete.php sql injection

Vendor Code-Projects

Product Content Management System

Weakness CWE-89 · SQLi

Published January 2, 2026

Last update February 23, 2026

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.php. Executing a manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

Key dates

02Disclosure timeline

January 2, 2026 CVE published

February 23, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-0565

Related vulnerabilities

04Related CVE

CVE-2025-26608 SQL Injection endpoint 'dependente_docdependente.php' parameter 'id_dependente', 'id_doc' in WeGIA CVE-2025-26755 WordPress WP Airbnb Review Slider Plugin <= 3.9 - SQL Injection vulnerability CVE-2025-3335 codeprojects Online Restaurant Management System category_update.php sql injection CVE-2025-6869 SourceCodester Simple Company Website manage.php sql injection CVE-2026-10875 projectworlds Online Art Gallery Shop Project adminHome.ph sql injection