Cyber Resilience

CVE-2026-2225

Medium · Public PoC

Published: 09 February 2026

Modified: 23 February 2026
CVSS Score (v4): 6.9, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0042 (33.2nd percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-2225 is a medium-severity Injection (CWE-74) vulnerability in Clive 21 News Portal Project. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 33.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog. A public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-2225 is a SQL injection vulnerability (CWE-74, CWE-89) in itsourcecode News Portal Project 1.0, affecting unknown code in the /admin/index.php file of the Administrator Login component. The flaw is triggered by manipulation of the 'email' argument, enabling remote attackers to inject malicious SQL payloads. Published on 2026-02-09, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), rated as high severity.

Remote attackers require no privileges or user interaction to exploit the vulnerability over the network with low complexity. Successful exploitation can result in limited impacts to confidentiality, integrity, and availability, such as unauthorized access to or modification of database contents via the injected SQL.

Advisories from VulDB (vuldb.com/?ctiid.344942, vuldb.com/?id.344942, vuldb.com/?submit.753402) and a GitHub issue (github.com/wan1yan/cve/issues/2) document the issue, along with the project site (itsourcecode.com). An exploit has been published and may be used in attacks.

Vulnerability details

A flaw has been found in itsourcecode News Portal Project 1.0. This vulnerability affects unknown code of the file /admin/index.php of the component Administrator Login. Manipulation of the argument email causes SQL injection. The attack can be initiated remotely.…

The exploit has been published and may be used.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct SQL injection in the unauthenticated admin login of a public-facing web app enables remote exploitation, per T1190.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-3135: Same product: Clive 21 News Portal Project
CVE-2026-3164: Same product: Clive 21 News Portal Project
CVE-2026-3134: Same product: Clive 21 News Portal Project
CVE-2026-2162: Same product: Clive 21 News Portal Project
CVE-2026-2161: Same vendor: Clive 21
CVE-2026-1688: Same vendor: Clive 21
CVE-2026-2116: Shared CWE-74, CWE-89
CVE-2025-15436: Shared CWE-74, CWE-89
CVE-2026-6148: Shared CWE-74, CWE-89
CVE-2026-3792: Shared CWE-74, CWE-89

Affected Assets

Vendor: clive 21
Product: news portal project
Version: 1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly requires validation of the 'email' input parameter to reject malicious SQL syntax before it reaches the database.

Prevent: Mandates timely remediation of the known SQL-injection flaw in /admin/index.php to eliminate the published exploit path.

Prevent, detect: Boundary protection devices (e.g., WAF rules) can inspect and block SQL-injection payloads targeting the remote login endpoint.
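
One way to apply the input-validation control to a login handler's email argument, as an added example that is not the project's code. The PDO/SQLite setup, the admin table and its columns, the sample account and the admin_login function are assumptions, since the page does not show the affected code.

```php
<?php
declare(strict_types=1);

// Constructed schema and account for this example; the real project's table
// and column names are not given on the page.
function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE admin (email TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO admin (email, password_hash) VALUES (?, ?)');
    $ins->execute(['admin@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Hypothetical login check: validate the email first, then bind it as a
// parameter so the database never parses it as SQL.
function admin_login(PDO $db, string $email, string $password): bool
{
    // Reject anything that is not a syntactically valid address of sane length.
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // A quote can be legal in an address, so validation alone is not the
    // defense; the bound placeholder is what keeps the value out of the query text.
    $stmt = $db->prepare('SELECT password_hash FROM admin WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();
    // Same result for an unknown account and a wrong password.
    return is_string($hash) && password_verify($password, $hash);
}

$db = make_demo_db();
// Constructed inputs: a valid login, a wrong password, and two values that
// contain a quote character.
$cases = [
    ['admin@example.test', 'correct horse'],
    ['admin@example.test', 'wrong'],
    ["admin@example.test'", 'correct horse'],
    ["o'brien@example.test", 'x'],
];
foreach ($cases as [$email, $password]) {
    printf("%-28s %s\n", $email, admin_login($db, $email, $password) ? 'accepted' : 'rejected');
}
```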
