Vulnerabilities ›

CVE-2026-5985

High

CWE-74 — Weakness Type

                    Published: Apr 9, 2026                      ·  Modified: Apr 16, 2026                      ·  Source: NVD                

CVSS v3

7.3

🔗 NVD Official

📄 Description (English)

A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument user_Id results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

🤖 AI Executive Summary

CVE-2026-5985 is a SQL injection vulnerability in Simple IT Discussion Forum 1.0 affecting the /crud.php file through the user_Id parameter, allowing remote attackers to execute arbitrary SQL commands. The vulnerability has been publicly disclosed and actively exploited, posing significant risk to organizations using this forum software.

📄 Description (Arabic)

يتعلق الثغرة بعدم التحقق الصحيح من معامل user_Id في ملف /crud.php بمنتدى Simple IT Discussion Forum الإصدار 1.0، مما يسمح بحقن أوامر SQL عشوائية. يمكن للمهاجمين البعيدين استغلال هذه الثغرة للوصول إلى بيانات قاعدة البيانات أو تعديلها أو حذفها. تم الإفصاح العلني عن الثغرة وهناك أدلة على استخدامها في هجمات فعلية.

🤖 ملخص تنفيذي (AI)

A SQL injection flaw exists in Simple IT Discussion Forum 1.0 where the user_Id parameter in /crud.php is not properly sanitized, enabling remote attackers to inject malicious SQL code. This publicly disclosed vulnerability is currently being exploited in active attacks against vulnerable systems.

🤖 AI Intelligence Analysis Analyzed: May 7, 2026 01:04

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

government telecom banking healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1083 T1005

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Immediately upgrade Simple IT Discussion Forum to a patched version if available. Implement input validation and parameterized queries for all database operations. Apply Web Application Firewall (WAF) rules to detect and block SQL injection attempts. Conduct database access reviews and restrict privileges to minimum necessary levels. Monitor database logs for suspicious query patterns.

🔧 خطوات المعالجة (العربية)

قم بترقية Simple IT Discussion Forum إلى نسخة معدلة فوراً إن توفرت. طبق التحقق من صحة المدخلات والاستعلامات المعاملة لجميع عمليات قاعدة البيانات. طبق قواعد جدار حماية تطبيقات الويب للكشف عن محاولات حقن SQL. راجع صلاحيات الوصول إلى قاعدة البيانات وقيدها بالحد الأدنى الضروري. راقب سجلات قاعدة البيانات للاستعلامات المريبة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.1.2 5.2.1

🔵 SAMA CSF

CC-6.1 CC-6.2 CC-7.2

🟡 ISO 27001:2022

A.14.2.1 A.14.2.5

🔗 References & Sources 5

🔗

https://code-projects.org/

cna@vuldb.com

🔗

https://github.com/2581565901/thebugihadfind/issues/1

cna@vuldb.com

🔗

https://vuldb.com/submit/791897

cna@vuldb.com

🔗

https://vuldb.com/vuln/356539

cna@vuldb.com

🔗

https://vuldb.com/vuln/356539/cti

cna@vuldb.com

📊 CVSS Score

7.3

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity High

CVSS Score7.3

CWECWE-74

EPSS0.03%

Exploit No

Patch ✗ No

Published 2026-04-09

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-74

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-5985

💬 Comments

Introduce Yourself

Sign In Required