What is CVE-2026-0565?

A medium-severity SQL injection vulnerability exists in Code-Projects Content Management System 1.0. Exploitation can occur remotely through the manipulation of parameters. Timely patching is crucial to mitigate risks associated with this vulnerability.

What is the severity of CVE-2026-0565?

CVE-2026-0565 has a severity rating of MEDIUM with a CVSS base score of 5.5.

CVE-2026-0565 | Medium Vulnerability in Code-Projects Content Management System

A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.php. Executing a manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

The vulnerability has a CVSS score of 5.5, indicating a medium severity level. Organizations utilizing this content management system should be aware of the potential risks associated with this vulnerability and the need for timely remediation.

Risk to organizations includes unauthorized access to sensitive data and potential data loss through exploitation of the SQL injection vulnerability. It is imperative for organizations to prioritize patching to mitigate these risks.

Organizations should address this vulnerability in their priority patch cycle to avoid potential exploitation. The availability of publicly known exploits further emphasizes the urgency for defenders.

Vulnerability Details

The vulnerability is classified as a SQL injection issue, allowing attackers to manipulate database queries through crafted input. It has been assigned a CVSS score of 5.5, reflecting its medium severity. The affected product is Code-Projects Content Management System version 1.0, and the vulnerability was published on January 2, 2026. It is categorized under CWE-89.

Technical Analysis

The root cause of this vulnerability lies in insufficient validation of user input, specifically in the /admin/delete.php file. Attackers may leverage this weakness through remote access, utilizing low attack complexity without requiring any privileges or user interaction.

The attack vector for this vulnerability is network-based, making it accessible to attackers without proximity to the target system. The impact on confidentiality, integrity, and availability is categorized as low, but successful exploitation could lead to unauthorized data manipulation.

Risk & Impact Analysis

Organizations utilizing the affected Code-Projects Content Management System are at risk of data exposure and manipulation. The potential blast radius includes all instances of the system, particularly those accessible over the internet. The urgency for remediation is medium due to the moderate severity score of 5.5, but organizations should act promptly to prevent exploitation.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected version of the product is Code-Projects Content Management System 1.0. Organizations should consider all versions prior to the vendor patch as potentially vulnerable.

Mitigation & Remediation

Organizations should prioritize patching the Code-Projects Content Management System to the latest version to mitigate this vulnerability. For those unable to immediately apply the patch, consider implementing input validation and sanitization mechanisms to prevent SQL injection attacks. Additionally, organizations may benefit from conducting a thorough security assessment, including application security assessments to identify and address similar weaknesses across their systems.

Detection Guidance

To detect potential exploitation of this vulnerability, organizations should monitor logs for unusual activity related to the /admin/delete.php file. Look for patterns of SQL injection attempts, such as unexpected characters or sequences in input fields. Behavioral anomalies and changes in database integrity should also be closely observed.

AppSecure Threat Intelligence Insight

This vulnerability highlights the ongoing risks associated with SQL injection attacks, which remain a prevalent threat in web applications. Organizations should implement robust security practices to defend against such vulnerabilities, including regular penetration testing and adopting secure coding practices. Additionally, teams should stay informed about emerging threats and vulnerabilities through continuous monitoring and engagement with threat intelligence sources.

By fostering a proactive security culture, organizations can better prepare for and respond to potential exploitation of vulnerabilities such as CVE-2026-0565.

For further guidance on securing web applications and understanding the implications of vulnerabilities, organizations are encouraged to explore resources and training programs tailored to their specific needs.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-0565: Medium Vulnerability in Code-Projects Content Management System