Medium severity6.3NVD Advisory· Published May 31, 2026· Updated Jun 1, 2026
CVE-2026-10170
CVE-2026-10170
Description
A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone_0.php. This manipulation of the argument phone causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 1.0
Patches
Vulnerability mechanics
References
4News mentions
2- Code-Projects: Eight SQLi CVEs Across Five Apps Disclosed With Public ExploitsVypr Intelligence · Jun 1, 2026
- Code-Projects Batch: Four SQLi Bugs Across Three Products Disclosed TogetherVypr Intelligence · May 31, 2026