SQL Injection Found in Simple CMS: Public Exploit Available

/HIGH
SCW vulnerabilitycvehigh-severitysql-injectioncwe-74cwe-89
SQL Injection Found in Simple CMS: Public Exploit Available

A high-severity SQL injection vulnerability, tracked as CVE-2026-6182, has been identified in code-projects Simple Content Management System version 1.0. According to the National Vulnerability Database, this flaw resides within an unspecified function of the /web/admin/login.php file.

The vulnerability is triggered by manipulating the User argument, allowing remote attackers to execute SQL injection attacks. The CVSSv3.1 score of 7.3 (HIGH) underscores the risk, with an AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L vector indicating it’s network-exploitable with low complexity, requiring no privileges or user interaction, and impacting confidentiality, integrity, and availability.

What’s concerning is that a public exploit is already available. This significantly lowers the bar for attackers, making it easier for even script kiddies to leverage the flaw. The CWEs associated with this vulnerability are CWE-74 (Improper Neutralization of Special Elements in Output Used by a Different Context) and CWE-89 (Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)), which are classic web application security pitfalls.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1505.003 Server Software Component: Web Shell Persistence T1189 Drive-by Compromise Initial Access

🛡️ Detection Rules

6 rules · 5 SIEM formats

6 auto-generated detection rules for this incident, mapped to MITRE ATT&CK. Available in Sigma, Splunk SPL, Sentinel KQL, Elastic Lucene, and QRadar AQL.

high T1190 Initial Access

Web Application Exploitation Attempt — CVE-2026-6182

Sigma Splunk SPL Sentinel KQL Elastic QRadar AQL

Get this rule in your SIEM's native format — copy, paste, detect. No manual conversion.

6 Sigma rules mapped to the ATT&CK techniques from this breach — pick your SIEM and get a ready-to-paste query.

Get Detection Rules →

Indicators of Compromise

IDTypeIndicator
CVE-2026-6182 SQLi code-projects Simple Content Management System version 1.0
CVE-2026-6182 SQLi Vulnerable file: /web/admin/login.php
CVE-2026-6182 SQLi Vulnerable argument: User

By Shimi's Cyber World Editorial

Related Posts

Critical RCE Flaw Hits NuGet Gallery Backend

CVE-2026-39399 — NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within...

vulnerabilityCVEcriticalhigh-severityremote-code-executioncwe-20cwe-22
/CRITICAL /⚑ 4 IOCs

BoidCMS LFI to RCE: A Critical Template Flaw

CVE-2026-39387 — BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are...

vulnerabilityCVEhigh-severityremote-code-executioncwe-98
/HIGH /⚑ 4 IOCs

Nanobot AI: WebSocket Hijack Puts WhatsApp Sessions at Risk

CVE-2026-35589 — nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability exists in the bridge's WebSocket server...

vulnerabilityCVEhigh-severitycwe-1385
/HIGH /⚑ 5 IOCs