CVE-2026-2158
7.3 HIGHPublished 2026-02-08 · Modified 2026-02-09 · Undergoing Analysis
Quick Summary
The login page of the Student Web Portal 1.0 is vulnerable to SQL injection, allowing attackers to interfere with the database by entering specially crafted usernames. This is a serious flaw because it can be exploited easily over the network.
Who is affected
All deployments of Student Web Portal 1.0 are affected. An attacker could steal sensitive student data, bypass authentication, or take control of the database.
Recommended fix
Immediately discontinue use of version 1.0 and upgrade to a patched version if available. As a temporary mitigation, apply strict input validation and use parameterized queries for the /check_user.php script.
Technical Description
A vulnerability was detected in code-projects Student Web Portal 1.0. This impacts an unknown function of the file /check_user.php. Performing a manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely.
CVSS Details
Attack Vector
NETWORK
Complexity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE
CWE-89, CWE-74