CVE-2026-14656 · LOW · Unpatched · Zero-day · PoC public · Lifecycle 4/7

code-projects Assessment Management 1.0 /admin/remove-user.php ID cross site scripting

Assessment Management 1.0 · 1d ago · Impact pending confirmation
3.9 CVSS
Vulnerability Description
A vulnerability was found in code-projects Assessment Management 1.0 (Project Management Software). It has been classified as problematic. An unknown part of the file /admin/remove-user.php is affected. No countermeasures are known. Replacing the affected product with an alternative may be advisable.
Root Cause Analysis
Manipulation of the argument id with an unknown input leads to a weakness that CWE classifies as CWE-79: the product does not neutralize, or incorrectly neutralizes, user-controllable input before it is placed in output that is used as a web page served to other users.

Impact: This affects integrity.

Exploit: The exploit is available for download at github.com and is declared a proof-of-concept. Vulnerable targets can be found with Google Hacking by searching for inurl:admin/remove-user.php.

Countermeasure: No countermeasures are known. Replacing the affected product with an alternative may be advisable.
CVE-2026-14656 · CVSS 3.9 · Active Threat