CVE-2026-2090
7.3 HIGH
Published 2026-02-07 · Modified 2026-02-09 · Undergoing Analysis
Quick Summary
A vulnerability in the Online Class Record System allows attackers to inject malicious SQL commands through the search function. This matters because it can be exploited remotely without needing special privileges.
Who is affected
All users of SourceCodester Online Class Record System 1.0 are affected. An attacker could steal, modify, or delete sensitive data from the application's database.
Recommended fix
Apply any official patch from the vendor immediately. If unavailable, disable or restrict access to the `/admin/message/search.php` file and implement strict input validation for the 'term' parameter.
Technical Description
A vulnerability was found in SourceCodester Online Class Record System 1.0. It affects unspecified processing in the file /admin/message/search.php. Manipulating the argument term can lead to SQL injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be used.
CVSS Details
Attack Vector: NETWORK
Complexity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-89, CWE-74