Skip to content
Threat Feed
high advisory

Remote SQL Injection in code-projects Online Job Portal (CVE-2026-15675)

A SQL injection vulnerability (CVE-2026-15675) has been identified in code-projects Online Job Portal version 1.0, located in the `/Admin/EditUser.php` file and triggered by manipulating the `UserId` argument, allowing for remote SQL injection attacks with publicly available exploit code.

What's new

  • l2 added detection rule: Detects CVE-2026-15677 Exploitation - Unrestricted File Upload Attempt Jul 14, 07:20 via nvd

A high-severity SQL injection vulnerability, identified as CVE-2026-15675, exists in code-projects Online Job Portal version 1.0. This flaw specifically affects an unspecified function within the /Admin/EditUser.php file, where improper handling of the UserId argument allows for arbitrary SQL commands to be executed. The vulnerability can be exploited remotely by an unauthenticated attacker. The exploit for CVE-2026-15675 is publicly available, increasing the likelihood of widespread exploitation. Successful exploitation can lead to unauthorized access, modification, or deletion of sensitive database information, compromising the confidentiality, integrity, and availability of the application's data. Organizations using this specific version of the Online Job Portal are at immediate risk.

Attack Chain

  1. An unauthenticated attacker crafts a malicious HTTP POST request targeting the /Admin/EditUser.php endpoint of the code-projects Online Job Portal 1.0 application.
  2. The request includes a specifically crafted UserId parameter containing SQL injection payloads, designed to bypass inadequate input validation mechanisms.
  3. The vulnerable web application processes the EditUser.php request, passing the manipulated UserId value directly into a backend database query without proper sanitization or parameterized query techniques.
  4. The underlying database server executes the attacker-controlled SQL commands embedded within the UserId parameter.
  5. This execution allows the attacker to perform unauthorized database operations, such as reading sensitive user data, modifying existing records, or deleting critical information.
  6. The attacker successfully compromises the confidentiality, integrity, or availability of the application's data through these unauthorized database actions.

Impact

Successful exploitation of CVE-2026-15675 leads to severe data compromise within the affected Online Job Portal. Attackers can gain unauthorized access to sensitive user information, administrative credentials, or any data stored in the application's backend database. This could result in data theft, data manipulation, or complete data destruction, severely impacting the organization's operations and potentially leading to regulatory fines and reputational damage. While no specific victim numbers or sectors are mentioned, any organization deploying code-projects Online Job Portal 1.0 is susceptible.

Recommendation

  • Immediately patch or update code-projects Online Job Portal 1.0 to a version where CVE-2026-15675 has been remediated.
  • Deploy the provided Sigma rule to your SIEM to detect exploitation attempts against CVE-2026-15675.
  • Implement robust input validation and parameterized queries for all user-supplied input, especially in critical files like /Admin/EditUser.php, to prevent SQL injection vulnerabilities.
  • Monitor web server access logs for /Admin/EditUser.php for unusual HTTP requests containing common SQL injection patterns in the UserId parameter.

Detection coverage 2

Detects CVE-2026-15675 Exploitation - SQL Injection in Online Job Portal

high

Detects exploitation attempts against CVE-2026-15675, a SQL injection vulnerability in code-projects Online Job Portal 1.0, by looking for malicious patterns in the UserId parameter of /Admin/EditUser.php.

sigma tactics: impact, initial_access techniques: T1190, T1485, T1537, T1565 sources: webserver

Detects CVE-2026-15677 Exploitation - Unrestricted File Upload Attempt

high

Detects exploitation attempts against CVE-2026-15677, an unrestricted file upload vulnerability in code-projects Online Job Portal, by monitoring POST requests to /JobSeekerInsert.php with dangerous file extensions in the txtFile argument.

sigma tactics: execution, initial_access techniques: T1190, T1505.003 sources: webserver

Detection queries are available on the platform. Get full rules →