Platform
php
Fixed version
1.0.1
CVE-2026-4575 describes a Cross-Site Scripting (XSS) vulnerability discovered in code-projects Exam Form Submission, specifically impacting version 1.0. This flaw arises from improper handling of the 'sname' argument within the /admin/update_s2.php file, enabling attackers to inject malicious scripts. A public exploit is already available, increasing the risk of immediate exploitation.
Successful exploitation of CVE-2026-4575 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session on the Exam Form Submission application. This can lead to various malicious outcomes, including session hijacking, defacement of the application's administrative interface, and theft of sensitive user data, such as login credentials or personally identifiable information (PII). Given the publicly available exploit, the risk of widespread exploitation is significant, particularly for systems with unpatched installations.
CVE-2026-4575 has a public exploit available, indicating a high likelihood of exploitation. The vulnerability was disclosed on 2026-03-23. It is not currently listed on CISA KEV, but the availability of a public exploit warrants close monitoring and immediate patching.
Organizations utilizing code-projects Exam Form Submission version 1.0, particularly those with publicly accessible administrative interfaces, are at significant risk. Shared hosting environments where multiple users share the same server instance are also vulnerable, as an attacker could potentially compromise other applications on the same server.
• php / web: Examine access logs for requests to /admin/update_s2.php containing unusual or suspicious characters in the 'sname' parameter (the pattern uses `+`, which needs extended regular expressions, so grep -E is required):
grep -E 'sname=[^a-zA-Z0-9_ ]+' /var/log/apache2/access.log
• php / web: Search application files for instances where the 'sname' parameter is used without proper sanitization or encoding (the install path contains spaces, so it must be quoted):
grep -r 'sname =' '/var/www/html/code-projects/Exam Form Submission/disclosure'
Exploit status
EPSS
0.03% (9th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-4575 is to upgrade to a patched version of code-projects Exam Form Submission. Since a fixed version is not specified, thoroughly review the vendor's website or repository for updates. As a temporary workaround, implement strict input validation and sanitization on the 'sname' parameter within the /admin/update_s2.php file. Consider using a Web Application Firewall (WAF) with XSS filtering rules to block malicious requests. Regularly monitor application logs for suspicious activity, such as unusual JavaScript execution patterns.
Update to a patched version, or apply the security measures needed to prevent the insertion of malicious code via the 'sname' parameter of the /admin/update_s2.php file. Validate and sanitize user input to prevent XSS attacks.
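As an added illustration of the workaround described above (this is not code from the Exam Form Submission project; its real /admin/update_s2.php is not reproduced on this page), the following hypothetical handler shows the unsafe reflection pattern the advisory describes next to a version that validates 'sname' on input and HTML-encodes it on output:

```php
<?php
// Added example (hypothetical): hardening a form field like 'sname' against XSS.
// The real /admin/update_s2.php is not on this page; this models the vulnerable
// pattern the advisory describes and the validate-then-encode fix it recommends.

declare(strict_types=1);

// Unsafe pattern: the parameter is written straight back into an HTML attribute.
function renderUnsafe(array $request): string
{
    $sname = $request['sname'] ?? '';
    return "<input type=\"text\" name=\"sname\" value=\"" . $sname . "\">";
}

// Step 1: input validation. A student name is letters, spaces, apostrophes and
// hyphens; anything else (including '<', '>', '"') is rejected before storage.
function validateStudentName(string $sname): ?string
{
    $sname = trim($sname);
    if ($sname === '' || strlen($sname) > 100) {   // byte-length cap
        return null;
    }
    if (!preg_match("/^[\\p{L} '\\-]+$/u", $sname)) {
        return null;
    }
    return $sname;
}

// Step 2: contextual output encoding, applied even to validated data
// (defence in depth). ENT_QUOTES also encodes the apostrophe a name may contain.
function encodeForHtmlAttribute(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

function renderSafe(array $request): string
{
    $sname = validateStudentName((string) ($request['sname'] ?? ''));
    if ($sname === null) {
        http_response_code(400);
        return 'Invalid student name.';
    }
    return "<input type=\"text\" name=\"sname\" value=\"" . encodeForHtmlAttribute($sname) . "\">";
}

// Constructed request: a value that closes the attribute in the unsafe version.
$constructed = ['sname' => '"><b>injected</b>'];
echo renderUnsafe($constructed), PHP_EOL;           // attribute boundary is broken
echo renderSafe($constructed), PHP_EOL;             // rejected by validation
echo renderSafe(['sname' => "O'Brien"]), PHP_EOL;   // apostrophe emitted as &apos;
```

Validation alone is not a substitute for encoding: values that reach the page from the database, or from a field with a looser allow-list, still need the output-encoding step.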
CVE-2026-4575 is a Cross-Site Scripting (XSS) vulnerability in code-projects Exam Form Submission version 1.0, allowing attackers to inject malicious scripts via the /admin/update_s2.php file.
If you are using code-projects Exam Form Submission version 1.0 and have not applied a patch, you are likely affected by this vulnerability.
Upgrade to a patched version of code-projects Exam Form Submission. If a patch is not available, implement input validation and sanitization on the 'sname' parameter and consider using a WAF.
Yes, a public exploit is available, indicating a high probability of active exploitation.
Check the code-projects website or repository for official advisories and updates related to CVE-2026-4575.