Submit #801607: 1000 Projects portfolio-management-system v1.0 SQL Injectioninfo

Title1000 Projects portfolio-management-system v1.0 SQL Injection
DescriptionA critical SQL injection vulnerability exists in 1000project `admin/block_status.php` and `admin/unblock_me.php`. The vulnerability allows an attacker to inject malicious SQL code through base64-encoded parameters, enabling unauthorized modification of user account status. **Key Characteristics:** - **Attack Vector**: Base64 encoded parameter injection - **Impact**: Unauthorized user account status modification - **Authentication**: Requires admin session (but can be bypassed) The vulnerability stems from directly concatenating base64-decoded user input into SQL statements without any parameterization or validation.
Source⚠️ https://github.com/9str0IL/CVE/issues/3
User
 9str0il (UID 97218)
Submission04/10/2026 04:59 (3 months ago)
Moderation04/26/2026 21:47 (17 days later)
StatusAccepted
VulDB entry359742 [1000 Projects Portfolio Management System MCA up to 1.0 /admin/block_status.php q sql injection]
Points20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!