What is CVE-2026-0701?

A low-severity SQL injection vulnerability has been identified in Carmelo's Intern Membership Management System. Organizations should prioritize patching to mitigate potential risks.

What is the severity of CVE-2026-0701?

CVE-2026-0701 has a severity rating of LOW with a CVSS base score of 2.

CVE-2026-0701 | Low Severity Vulnerability in Carmelo Intern Membership Management System

A vulnerability was identified in code-projects Intern Membership Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /intern/admin/add_admin.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

The CVSS score for this vulnerability is 2, indicating a low severity level. Despite the low score, organizations should remain vigilant as this vulnerability could be exploited remotely, potentially leading to unauthorized access.

Risk to organizations includes the possibility of sensitive data exposure or manipulation through SQL injection techniques. Organizations should prioritize patching immediately.

Currently, there are no known public exploits confirmed for this vulnerability, but the availability of an exploit makes it a point of concern for security teams.

Organizations should address this vulnerability in their priority patch cycle to mitigate any potential risks associated with its exploitation.

Vulnerability Details

A vulnerability was identified in code-projects Intern Membership Management System 1.0. The manipulation of the argument Username leads to SQL injection. The affected file is /intern/admin/add_admin.php. This vulnerability allows attackers to exploit the system remotely. The CVSS score is 2, indicating low severity.

The vulnerability is classified under CWE-89, which pertains to SQL Injection. Organizations running affected systems should be aware of the risks associated with this vulnerability.

Technical Analysis

The root cause of this vulnerability lies in insufficient validation of user input for the Username argument in the affected file.

The attack vector is network-based, allowing attackers to exploit the vulnerability remotely. The attack complexity is low, meaning minimal skill is required to exploit it. The privilege required is high, meaning the attacker must have administrative access to perform the SQL injection.

User interaction is not required, which increases the likelihood of successful exploitation. The potential impacts on confidentiality, integrity, and availability are low.

Risk & Impact Analysis

The real-world risk associated with this vulnerability includes unauthorized access to sensitive information, potential data modification, and disruption of services. Given the low CVSS score, the immediate impact may be limited, but the ability to exploit the system remotely poses a significant risk if left unaddressed.

Organizations should prioritize patching immediately to mitigate the risks associated with this vulnerability. The potential blast radius includes any systems utilizing the affected version of the Intern Membership Management System.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected product is the Intern Membership Management System version 1.0. Organizations should upgrade to the latest version to mitigate the vulnerability.

Mitigation & Remediation

Organizations should apply available patches to mitigate the identified vulnerability. If a patch is unavailable, consider implementing workarounds such as restricting access to the affected file and monitoring for unusual activity. Regular security assessments and configuration hardening are recommended.

For comprehensive testing, organizations may consider penetration testing to identify similar vulnerabilities.

Detection Guidance

Monitoring for log indicators related to unauthorized access attempts can help in early detection of exploitation attempts. Look for behavioral anomalies that indicate potential SQL injection attacks.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in the fact that SQL injection remains a prevalent attack vector in web applications. Organizations should learn from this incident to bolster their security posture against similar vulnerabilities.

Security teams should implement robust input validation and sanitation processes to mitigate SQL injection risks. For further guidance on securing web applications, refer to the following resources: Web application penetration testing and penetration testing methodology can provide insights into effective strategies.

Finally, organizations should consider adopting continuous security testing practices to ensure ongoing resilience against emerging vulnerabilities.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-0701: Low Severity Vulnerability in Carmelo Intern Membership Management System