CVE-2026-6163

Description

A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

References

• https://code-projects.org/
• https://github.com/lanPwa/CVE/issues/2
• https://vuldb.com/submit/797088
• https://vuldb.com/vuln/357051
• https://vuldb.com/vuln/357051/cti