CVE-2026-5041 MEDIUM

CVE-2026-5041: code-projects Chamber of Commerce Membership Management System pageMail.php fwrite command injection

Vendor Code-Projects

Product Chamber of Commerce Membership Management System

Weakness CWE-77

Published March 29, 2026

Last update March 30, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

Key dates

Disclosure timeline

March 29, 2026 CVE published

March 30, 2026 Record updated

Identifiers

CVE CVE-2026-5041

CWE CWE-77

CVSS 5.1 / MEDIUM

Affected versions

Vendor Code-Projects

Product Chamber of Commerce Membership Management System

Affected 1.0