CVE-2026-4970
SQL Injection in code-projects Social Networking Site Endpoint
Publication date: 2026-03-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| code-projects | social_networking_site | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4970 is a high-severity SQL Injection vulnerability found in the Social Networking Site v1.0 PHP application, specifically in the delete_photos.php component.
The vulnerability occurs because the application directly uses user input from the HTTP GET parameter 'id' in an SQL DELETE query without any sanitization, validation, or use of prepared statements.
This allows attackers to inject arbitrary SQL code through the 'id' parameter, enabling them to manipulate the backend database.
Testing showed that the vulnerability supports boolean-based blind and time-based SQL injection techniques, which can be used to execute malicious SQL commands remotely.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to execution of arbitrary SQL commands on the backend database.
- Unauthorized access to sensitive data.
- Extraction of user credentials.
- Modification or deletion of database records.
- Privilege escalation.
- Full backend database compromise.
- Disruption of application availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the delete_photos.php endpoint with specially crafted HTTP GET requests targeting the `id` parameter to check for SQL injection.
One common detection method is to use boolean-based blind or time-based SQL injection payloads to observe if the backend database behavior changes, such as delayed responses.
For example, you can use curl or similar tools to send requests like:
- curl "http://<target>/social_networking_site/delete_photos.php?id=1' AND SLEEP(6)-- "
- curl "http://<target>/social_networking_site/delete_photos.php?id=1' OR '1'='1"
If the response is delayed or the query returns unexpected results, it indicates the presence of SQL injection.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Use prepared statements with parameter binding to safely handle the `id` parameter in SQL queries.
- Validate and sanitize the `id` parameter to ensure it contains only numeric values before using it in queries.
- Implement authorization checks to ensure users can only delete their own photos.
- Avoid using HTTP GET requests for destructive actions like deletion; switch to POST requests with CSRF protection.
- Apply the principle of least privilege by ensuring the database user account has minimal necessary permissions.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The SQL Injection vulnerability in the Social Networking Site v1.0 allows attackers to execute arbitrary SQL commands, potentially leading to unauthorized access, modification, or deletion of sensitive data including user credentials. Such unauthorized data access and manipulation can result in violations of data protection regulations like GDPR and HIPAA, which mandate the protection of personal and sensitive information against unauthorized access and breaches.
Failure to properly secure the application against SQL Injection undermines confidentiality, integrity, and availability of data, which are core principles in many compliance frameworks. Exploitation of this vulnerability could lead to data breaches, unauthorized disclosure of personal data, and loss of data integrity, all of which can result in non-compliance with standards such as GDPR and HIPAA.