{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2060", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-06T06:32:59.555Z", "datePublished": "2026-02-06T17:32:07.216Z", "dateUpdated": "2026-02-23T09:26:29.368Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:26:29.368Z"}, "title": "code-projects Simple Blood Donor Management System editcampaignform.php sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "code-projects", "product": "Simple Blood Donor Management System", "versions": [{"version": "1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in code-projects Simple Blood Donor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /simpleblooddonor/editcampaignform.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-02-06T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-06T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-12T08:47:13.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "kyxh (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.344620", "name": "VDB-344620 | code-projects Simple Blood Donor Management System editcampaignform.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.344620", "name": "VDB-344620 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.744262", "name": "Submit #744262 | code-projects Simple Blood Donor Management System V1.0 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/kyxh001/CVE/issues/1", "tags": ["exploit", "issue-tracking"]}, {"url": "https://code-projects.org/", "tags": ["product"]}], "tags": ["x_freeware"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-06T18:01:08.657696Z", "id": "CVE-2026-2060", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T18:02:37.568Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2060", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-06T18:01:08.657696Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T18:01:42.466Z"}}], "cna": {"tags": ["x_freeware"], "title": "code-projects Simple Blood Donor Management System editcampaignform.php sql injection", "credits": [{"lang": "en", "type": "reporter", "value": "kyxh (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "code-projects", "product": "Simple Blood Donor Management System", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2026-02-06T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-06T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-12T08:47:13.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.344620", "name": "VDB-344620 | code-projects Simple Blood Donor Management System editcampaignform.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.344620", "name": "VDB-344620 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.744262", "name": "Submit #744262 | code-projects Simple Blood Donor Management System V1.0 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/kyxh001/CVE/issues/1", "tags": ["exploit", "issue-tracking"]}, {"url": "https://code-projects.org/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in code-projects Simple Blood Donor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /simpleblooddonor/editcampaignform.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "SQL Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:26:29.368Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2060", "state": "PUBLISHED", "dateUpdated": "2026-02-23T09:26:29.368Z", "dateReserved": "2026-02-06T06:32:59.555Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-06T17:32:07.216Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fabian:simple_blood_donor_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "75613ECC-3DE5-4D47-9A97-BCD7E52D3824", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in code-projects Simple Blood Donor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /simpleblooddonor/editcampaignform.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en code-projects Simple Blood Donor Management System 1.0. Afectada por esta vulnerabilidad es una funcionalidad desconocida del archivo /simpleblooddonor/editcampaignform.php. Realizar una manipulaci\u00f3n del argumento ID resulta en inyecci\u00f3n SQL. Es posible iniciar el ataque remotamente. El exploit ha sido hecho p\u00fablico y podr\u00eda ser usado."}], "id": "CVE-2026-2060", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-06T18:16:00.320", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://code-projects.org/"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Mitigation", "Third Party Advisory"], "url": "https://github.com/kyxh001/CVE/issues/1"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.344620"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.344620"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.744262"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-17T22:39:45.979871+00:00", "value": {"mitigation_remediation": ["Replace editcampaignform.php with the vendor\u2019s latest patch that properly sanitizes the ID parameter or uses parameterized queries.", "If a patch is not available, restrict access to the file by requiring authentication or moving it outside the web root.", "Deploy a web application firewall to detect and block SQL injection attempts targeting the ID parameter.", "Review and update all application input handling to ensure user-supplied data is correctly escaped or parameterized."], "summary": {"action": "Apply Patch", "impact": "SQL Injection (Data Compromise)"}, "threat_synthesis": {"affected_systems": "The affected product is the Simple Blood Donor Management System version 1.0 from the vendor code-projects. No other version or vendor information is provided.", "description_and_impact": "The vulnerability is located in the file editcampaignform.php of Simple Blood Donor Management System 1.0. Manipulating the ID parameter allows an attacker to inject arbitrary SQL commands into the database query, enabling read, modify, or delete operations on donor and campaign data. This weakness corresponds to the classic SQL injection flaw identified as CWE-74 and CWE-89.", "risk_and_exploitability": "The CVSS score of 6.9 signals a moderate to high severity, while the EPSS score of less than 1% indicates a low but nonzero probability of exploitation. The vulnerability can be triggered remotely via the web interface without requiring elevated privileges, and it is not listed in the CISA KEV catalog. The reported exploit is publicly available and could be used against any exposed instance of the application."}}}}, "created": "2026-02-09T10:50:12.235444+00:00", "updated": "2026-04-17T22:45:29.936633+00:00", "vendors": ["code-projects", "code-projects$PRODUCT$simple_blood_donor_management_system"]}