CVE-2026-7144 MEDIUM

CVE-2026-7144: 1000 Projects Portfolio Management System MCA update_passwd_process.php authorization

Vendor 1000 Projects

Product Portfolio Management System MCA

Weakness CWE-639 · IDOR

Published April 27, 2026

Last update April 27, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file update_passwd_process.php. The manipulation of the argument temp_user results in authorization bypass. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.

Key dates

Disclosure timeline

April 27, 2026 CVE published

April 27, 2026 Record updated