mediumCVE-2026-15137

code-projects Interview Management System SQL Injection Vulnerability

A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

ProductInterview Management System
CVSS5.5
EPSS0.00263
UpdatedJuly 10, 2026

Quick answer

code-projects Interview Management System should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • Interview Management System 1.0

Fixed versions

  • Apply the latest vendor-supported patched version.

How to fix it

code-projects Interview Management System 1.0 contains SQL injection in the View.php ID handling path. Remove public exposure, patch parameterized queries, and review the database for unauthorized reads or changes.

  1. Identify any deployed code-projects Interview Management System 1.0 instances.
  2. Take the application offline or restrict it behind trusted network access until the SQL injection is fixed.
  3. Patch the vulnerable ID handling in inc/classes/View.php to use prepared statements and strict numeric validation.
  4. Review all similar database queries for direct string concatenation and replace them with parameterized queries.
  5. Rotate database credentials if the application was reachable by untrusted users.
  6. Review database logs, web access logs, and application records for extraction, tampering, or new administrator accounts.
  7. Deploy a WAF rule only as temporary protection while the code fix is being tested and released.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm the vulnerable ID parameter rejects SQL metacharacters and non-numeric values.
  • Run a safe SQL injection test against the patched endpoint and confirm no database error or injected result is returned.
  • Verify database credentials were rotated where exposure was possible.
  • Review logs for suspicious UNION, sleep, benchmark, or quote-based payloads.
  • Run a Fixnx scan and confirm the application endpoint is not vulnerable.

Related categories

Trusted references

FAQ

What is affected by CVE-2026-15137?

code-projects Interview Management System versions listed as affected should be reviewed: Interview Management System 1.0.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

Why can this risk appear in multiple categories?

A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.