SQL Injection Vulnerability in Code-Projects Simple IT Discussion Forum by Code-Projects
CVE-2026-5828

6.9MEDIUM

Key Information:

Vendor: Code-projects
Status: Simple It Discussion Forum
Vendor: CVE Published:; 9 April 2026

🔔 Create Code-projects Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-5828?

A SQL injection vulnerability exists in Code-Projects' Simple IT Discussion Forum version 1.0, specifically within an unknown function in the /functions/addcomment.php file. This vulnerability allows attackers to manipulate the 'postid' argument, potentially leading to unauthorized access to the database. The exploit can be executed remotely, raising significant security concerns for users. As this vulnerability has been publicly disclosed, it is crucial for users to implement appropriate patches and security measures to mitigate the risk.

Affected Version(s)

Simple IT Discussion Forum 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-5828 - Proof of Concept