{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6165", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-12T20:43:31.661Z", "datePublished": "2026-04-13T05:45:17.209Z", "dateUpdated": "2026-04-13T05:45:17.209Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-13T05:45:17.209Z"}, "title": "code-projects Vehicle Showroom Management System Login_check.php sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "code-projects", "product": "Vehicle Showroom Management System", "versions": [{"version": "1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Login_check.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-12T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-12T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-12T22:48:56.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Minji (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/357053", "name": "VDB-357053 | code-projects Vehicle Showroom Management System Login_check.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/357053/cti", "name": "VDB-357053 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/797090", "name": "Submit #797090 | code-projects Vehicle Showroom Management System V1.0 SQL injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/realnotjoking/cve/issues/2", "tags": ["exploit", "issue-tracking"]}, {"url": "https://code-projects.org/", "tags": ["product"]}], "tags": ["x_freeware"]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Login_check.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks."}], "id": "CVE-2026-6165", "lastModified": "2026-04-13T15:01:43.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-13T06:16:07.373", "references": [{"source": "cna@vuldb.com", "url": "https://code-projects.org/"}, {"source": "cna@vuldb.com", "url": "https://github.com/realnotjoking/cve/issues/2"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/797090"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/357053"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/357053/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "vehicle_showroom_management_system", "vendor": "code-projects"}], "analysis": {"en": {"generated_at": "2026-04-13T07:20:25.924107+00:00", "value": {"mitigation_remediation": ["Obtain and apply the latest patch or release from code-projects that fixes the SQL injection in /util/Login_check.php.", "If no patch is available, restrict direct access to the Login_check.php endpoint and validate or escape the ID parameter before using it in SQL queries.", "Deploy a web application firewall or use input sanitization libraries to detect and block SQL injection attempts.", "Continuously monitor web server and database logs for suspicious activity and verify that the mitigation is effective."], "summary": {"action": "Immediate Patch", "impact": "Remote SQL Injection"}, "threat_synthesis": {"affected_systems": "The affected product is the code-projects Vehicle Showroom Management System 1.0. No specific sub\u2011versions are listed beyond the main release.", "description_and_impact": "A weakness in the Vehicle Showroom Management System 1.0 enables an attacker to manipulate the ID argument in the /util/Login_check.php file, resulting in SQL injection. This flaw allows the execution of arbitrary SQL statements against the underlying database, potentially exposing sensitive data, modifying records, or enabling further exploitation. The vulnerability is classified under CWE-74 and CWE-89, signifying improper escape of user input and direct SQL injection respectively.", "risk_and_exploitability": "The CVSS score of 6.9 indicates a moderate severity, while the EPSS score is not available. The vulnerability can be exploited remotely with publicly available proof\u2011of\u2011concept code, and it is not listed in the CISA KEV catalog. Attackers can target the exposed login check endpoint to execute SQL commands, compromising confidentiality, integrity, and possibly availability of the database."}}}}, "created": "2026-04-13T12:37:00.491620+00:00", "updated": "2026-04-13T12:52:48.639454+00:00", "vendors": ["code-projects", "code-projects$PRODUCT$vehicle_showroom_management_system"]}