Skip to content
CVSS 7.3 · HIGH

CVE-2026-7070

A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

View on NVD

Analysis

This vulnerability affects an Inventory Management System from code-projects, which is a collection of small project templates typically used for educational or hobbyist purposes. While the SQL injection is serious and has a public exploit, the software is not widely used in professional production environments and does not warrant the attention of the broader developer community.

Severity

Score: 7.3(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Weakness (CWE): CWE-74CWE-89

EPSS

Probability of exploitation (next 30 days): 0.0004 (0.0%)
Percentile: 11.7%
EPSS: 2026-05-06

Technical description

A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

Published: 4/27/2026, 1:16:15 AM
Last modified: 4/29/2026, 1:00:01 AM

References

HomeEventsBlogResourcesTeam