CVE-2026-10170 | code-projects Visitor Management System 1.0 /vms/php/phone_0.php phone sql injection

Inserito da Angelo Barbosa | Mag 30, 2026 | CVE

A vulnerability was found in code-projects Visitor Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /vms/php/phone_0.php. This manipulation of the argument phone causes sql injection.

This vulnerability appears as CVE-2026-10170. The attack may be initiated remotely. In addition, an exploit is available.

CVE-2026-10170 | code-projects Visitor Management System 1.0 /vms/php/phone_0.php phone sql injection

Post correlati

CVE-2026-20975 | Samsung Cloud up to 5.6.10 insufficient permissions or privileges

CVE-2024-3242 | Brizy Plugin up to 2.4.44 on WordPress unrestricted upload

CVE-2022-49282 | Linux Kernel up to 5.4.188/5.10.109/5.15.32/5.16.18/5.17.1 f2fs_quota_sync null pointer dereference

CVE-2024-11670 | Devolutions Remote Desktop Manager up to 2024.2.21.0 on Windows authorization (DEVO-2024-0015)