
Simple IT Discussion Forum: SQL Injection in Comment Addition

CVE-2026-5828
Summary

A security flaw in the Simple IT Discussion Forum software allows an attacker to inject malicious SQL code when adding comments. This could allow an attacker to access sensitive data or take control of the system. Users should update to a fixed version or apply a patch to protect their system.

Original title
A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /functions/addcomment.php. The manipulation of the argument postid...
Original description
A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /functions/addcomment.php. The manipulation of the argument postid results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.
NVD CVSS 2.0: 7.5
NVD CVSS 3.1: 7.3
NVD CVSS 4.0: 6.9
Vulnerability type
CWE-74 Injection
CWE-89 SQL Injection
Published: 9 Apr 2026 · Updated: 9 Apr 2026 · First seen: 9 Apr 2026