Home / Vulnerability Intelligence / CVE-2026-3164

CVE-2026-3164 - Vulnerability Analysis

HighCVSS: 7.3

Last Updated: February 25, 2026

itsourcecode News Portal Project - SQL Injection

Published: February 25, 2026Updated: February 25, 2026PoC AvailableRemote Exploitable

Overview

itsourcecode News Portal Project 1.0 contains a sql injection caused by manipulation of "pagetitle" argument in /admin/contactus.php, letting remote attackers execute arbitrary SQL commands, exploit requires no special privileges.

Severity & Score

Severity: High

CVSS Score: 7.3

Impact

Remote attackers can execute arbitrary SQL commands, potentially leading to data disclosure or modification.

Mitigation

Update to the latest version or apply patches to fix the SQL injection vulnerability.

References

https://vuldb.com/?id.347671
https://vuldb.com/?submit.759546
https://github.com/a936848435/cve-report-cyy/issues/1
https://itsourcecode.com/
https://vuldb.com/?ctiid.347671

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-3164
Severity: High
CVSS Score: 7.3
Type: sql_injection
Status: confirmed

CWE

CWE-74
CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L