CVE-2026-2172
7.3 HIGH · Published 2026-02-08 · Modified 2026-02-09 · Undergoing Analysis
Quick Summary
A critical SQL injection flaw exists in the login page of the Online Application System for Admission 1.0. Attackers can remotely send malicious database commands through the system, potentially compromising it.
Who is affected
All deployments of version 1.0 are affected. A successful attacker could steal, modify, or delete application data, and possibly gain unauthorized access to the system.
Recommended fix
Immediately apply any official patch from the vendor. If none is available, consider disabling or replacing the vulnerable system, and implement a web application firewall (WAF) with SQL injection rules as a temporary mitigation.
Technical Description
A vulnerability was found in code-projects Online Application System for Admission 1.0. It affects an unknown functionality of the file enrollment/index.php in the Login Endpoint component. Manipulating the input can lead to SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be used.
CVSS Details
Attack Vector: NETWORK
Complexity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-89, CWE-74