CVE-2026-2087
7.3 HIGH · Published 2026-02-07 · Modified 2026-02-09 · Undergoing Analysis
Quick Summary
A critical SQL injection vulnerability in the SourceCodester Online Class Record System lets attackers inject SQL through the `user_email` parameter of the login page. This matters because it is a simple, network-based attack that can completely compromise the system.
Who is affected
All users of Online Class Record System version 1.0 are affected. An attacker could steal, modify, or delete sensitive data like student records and administrator credentials.
Recommended fix
Immediately update to a patched version from the vendor, if available. As a workaround, apply strict input validation and parameterized queries to the `/admin/login.php` file, specifically for the `user_email` parameter.
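The workaround above, sketched as an added example; this is not the vendor's code or a vendor patch. The table `users`, its columns `id`, `email` and `password_hash`, the `password` POST field, the use of `password_hash()`-style hashes and the database credentials are all assumptions made for illustration.

```php
<?php
// Hypothetical hardened login handler, not the Online Class Record System's own code.
// Assumed: table `users` (id, email, password_hash), POST field `password`,
// placeholder database credentials.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors become exceptions

/** Strict input validation: return the address, or null if it is not acceptable. */
function validate_user_email(mixed $raw): ?string
{
    if (!is_string($raw) || strlen($raw) > 254) {
        return null; // arrays (user_email[]=...) and oversized input are rejected
    }
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

/** Parameterized lookup: user_email is bound as data and never becomes SQL text. */
function find_user(mysqli $db, string $email): ?array
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE email = ? LIMIT 1');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $email    = validate_user_email($_POST['user_email'] ?? null);
    $password = $_POST['password'] ?? '';
    $db       = new mysqli('localhost', 'app_user', 'CHANGE_ME', 'class_record'); // placeholders
    $user     = $email !== null ? find_user($db, $email) : null;

    // Identical response for an unknown address and a wrong password.
    if ($user !== null && is_string($password)
        && password_verify($password, $user['password_hash'])) {
        session_start();
        session_regenerate_id(true); // new session ID after authentication
        $_SESSION['user_id'] = (int) $user['id'];
        http_response_code(200);
    } else {
        http_response_code(401);
        echo 'Invalid credentials';
    }
}
```

Validation alone is not the fix: the bound parameter is what keeps `user_email` out of the SQL text, and the validation step only narrows what reaches the query.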
Technical Description
A flaw has been found in SourceCodester Online Class Record System 1.0. It affects unknown functionality in the file `/admin/login.php`. Manipulating the `user_email` argument causes SQL injection. The attack may be initiated remotely. The exploit has been published and may be used.
CVSS Details
Attack Vector: NETWORK
Complexity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-89, CWE-74