CVE-2026-7143

1000 Projects Portfolio Management System MCA block_status.php sql injection

CVSS 5.3 MEDIUMEPSS 0.2%CWE-74 CWE-89

A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/block_status.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Affected products

1000 Projects · Portfolio Management System MCA

public PoCs found — 1

cve_referencegithub.com/9str0IL/CVE/issues/3unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://1000projects.org/https://github.com/9str0IL/CVE/issues/3 https://vuldb.com/submit/801607 https://vuldb.com/vuln/359742 https://vuldb.com/vuln/359742/cti