CVE-2026-5041 PUBLISHED

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

• y7_0x (VulDB User) reporter

• VDB-353964 | code-projects Chamber of Commerce Membership Management System pageMail.php fwrite command injection
• VDB-353964 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #778873 | code-projects Chamber of Commerce Membership Management System 1.0 Command Injection
• https://gist.github.com/y7y7y77/dd6df2db50fd0146b72fc4e0766a4ffd
• https://code-projects.org/

• Command Injection CWE
• Injection CWE