| Title | itsourcecode News Portal Project v1.0 SQL Injection |
|---|
| Description | During the security review of the News Portal Project, a critical SQL injection vulnerability was identified in the **`/admin/index.php`** file. The application directly incorporates user-supplied input into an SQL query without proper validation or the use of prepared statements. As a result, attackers can inject malicious SQL queries through the **username/email parameter** used in the administrator login function.
Successful exploitation of this vulnerability may allow attackers to bypass authentication and gain unauthorized access to sensitive administrative information. Immediate remediation is required to mitigate the risk and ensure the security and integrity of the system and its data. |
|---|
| Source | ⚠️ https://github.com/wan1yan/cve/issues/2 |
|---|
| User | wanyan (UID 95221) |
|---|
| Submission | 02/06/2026 12:50 (3 months ago) |
|---|
| Moderation | 02/08/2026 17:07 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 344942 [itsourcecode News Portal Project 1.0 Administrator Login /admin/index.php email sql injection] |
|---|
| Points | 20 |
|---|