CVE-2026-2171

7.3 HIGH

Published 2026-02-08 · Modified 2026-02-09 · Undergoing Analysis

Quick Summary

This is a high-severity (CVSS 7.3) SQL injection flaw in the login page of the Online Student Management System. A remote attacker can inject SQL through the username or password fields to manipulate the database.

Who is affected

Any organization using version 1.0 of this system is affected. An attacker could steal, modify, or delete sensitive student data, or potentially gain unauthorized access to the system.

Recommended fix

Immediately apply any official patch from the vendor. If none is available, rewrite the queries in accounts.php to use parameterized queries, and restrict direct public access to the system until it is patched.
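
The parameterized-query fix recommended above, as an added sketch; it is not the project's accounts.php, whose source this page does not show. The table and column names, the function names and the in-memory SQLite fixture are assumptions, and PHP's pdo_sqlite extension is assumed to be available.

```php
<?php
// Added illustration, NOT the project's accounts.php.
// Assumed schema: users(id, username, password_hash).

// Constructed fixture: in-memory SQLite database with two accounts.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY,
            username TEXT UNIQUE, password_hash TEXT)');
$ins = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$ins->execute(["o'brien", password_hash('battery staple', PASSWORD_DEFAULT)]);

// Pattern behind CWE-89 (hypothetical): request values are concatenated
// into the SQL text, so a quote in either field changes the structure
// of the statement instead of being compared as data.
function build_query_unsafe(string $username, string $password): string
{
    return "SELECT id FROM users WHERE username = '$username'"
         . " AND password = '$password'";
}

// Hardened form: the statement text is fixed and the username is bound
// as a parameter. The password never enters SQL at all; it is checked
// against the stored hash with password_verify().
function login(PDO $pdo, string $username, string $password): ?int
{
    $stmt = $pdo->prepare(
        'SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false
        || !password_verify($password, $row['password_hash'])) {
        return null; // same answer for unknown user and wrong password
    }
    return (int) $row['id'];
}

// A legitimate username containing a quote works with the bound query...
var_dump(login($pdo, "o'brien", 'battery staple'));
var_dump(login($pdo, 'alice', 'wrong password'));
// ...while the concatenated form produces SQL with an unbalanced quote.
echo build_query_unsafe("o'brien", 'battery staple'), "\n";
```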

Technical Description

A vulnerability was found in code-projects Online Student Management System 1.0. The affected code is an unknown function in the file accounts.php of the Login component. Manipulating the username/password argument results in SQL injection. The attack can be initiated remotely. The exploit has been made public and could be used.

CVSS Details

Attack Vector: NETWORK

Complexity: LOW

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-89, CWE-74
