Vulnerabilities ›

CVE-2026-7115

Medium

CWE-74 — Weakness Type

                    Published: Apr 27, 2026                      ·  Modified: Apr 30, 2026                      ·  Source: NVD                

CVSS v3

6.3

🔗 NVD Official

📄 Description (English)

A vulnerability was identified in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file 370project/delete.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.

🤖 AI Executive Summary

CVE-2026-7115 is a SQL injection vulnerability in code-projects Employee Management System 1.0 affecting the delete.php file through improper handling of the ID parameter. Remote attackers can exploit this publicly available vulnerability to manipulate database queries without authentication.

📄 Description (Arabic)

ثغرة حقن SQL في نظام إدارة الموظفين من code-projects الإصدار 1.0 تؤثر على ملف delete.php حيث لا يتم التحقق من صحة معامل معرف المستخدم بشكل صحيح. يمكن للمهاجمين البعيدين استغلال هذه الثغرة المتاحة علناً لتنفيذ أوامر SQL تعسفية والوصول إلى بيانات الموظفين الحساسة.

🤖 ملخص تنفيذي (AI)

A SQL injection flaw exists in code-projects Employee Management System 1.0 where the ID parameter in delete.php is not properly sanitized. This allows remote attackers to execute arbitrary SQL commands and potentially compromise sensitive employee data.

🤖 AI Intelligence Analysis Analyzed: May 17, 2026 08:00

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

government healthcare banking

🎯 MITRE ATT&CK Techniques

T1190 T1083 T1005

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Immediately update code-projects Employee Management System to the latest patched version. Implement parameterized queries and prepared statements for all database operations. Apply input validation and sanitization on all user-supplied parameters, particularly the ID field. Deploy Web Application Firewall (WAF) rules to detect and block SQL injection attempts. Conduct security code review of all database interaction points.

🔧 خطوات المعالجة (العربية)

قم بتحديث نظام إدارة الموظفين فوراً إلى أحدث إصدار معدل. طبق الاستعلامات المعاملة والبيانات المحضرة لجميع عمليات قاعدة البيانات. طبق التحقق من صحة المدخلات على جميع معاملات معرف المستخدم. نشر قواعد جدار حماية تطبيقات الويب لكشف محاولات الحقن. أجر مراجعة أمنية شاملة لجميع نقاط التفاعل مع قاعدة البيانات.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC-2.1 ECC-2.2 ECC-3.1

🔵 SAMA CSF

ID.RA-1 PR.DS-1 PR.AC-1

🟡 ISO 27001:2022

A.14.2.1 A.14.2.5 A.13.1.1

🔗 References & Sources 5

🔗

https://code-projects.org/

cna@vuldb.com

🔗

https://github.com/zzzxc643/CVE1/blob/main/EMPLOYEE_MANAGEMENT_SYSTEM/vul5.md

cna@vuldb.com

🔗

https://vuldb.com/submit/800835

cna@vuldb.com

🔗

https://vuldb.com/vuln/359715

cna@vuldb.com

🔗

https://vuldb.com/vuln/359715/cti

cna@vuldb.com

📊 CVSS Score

6.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.3

CWECWE-74

EPSS0.03%

Exploit No

Patch ✗ No

Published 2026-04-27

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-74

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-7115

Introduce Yourself

Sign In Required