| Title | Code-projects Project Management System v1.0 SQL Injection |
|---|
| Description | There is an authentication bypass vulnerability in the identity authentication module of the Project Management System. Since the system account existence pre-verification code is not strongly bound to the password verification logic, and input security processing is not performed, and the administrator account is automatically built-in by default when the administrator role is selected during the login process, an attacker can use any logic to use the account ID (such as: 'OR '1'='1' -- q) with any password to bypass identity authentication, successfully log in to any account in the system (including the highest authority administrator account), and illegally obtain the highest management authority of the system. |
|---|
| Source | ⚠️ https://github.com/MyMySSS/CVE123/blob/main/cve3/CVE_Submission.md |
|---|
| User | MyMy (UID 96642) |
|---|
| Submission | 05/02/2026 13:21 (2 months ago) |
|---|
| Moderation | 05/26/2026 14:54 (24 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 365640 [code-projects Project Management System 1.0 Login chk.php sql injection] |
|---|
| Points | 20 |
|---|