CVE-2026-2173
7.3 HIGH · Published 2026-02-08 · Modified 2026-02-09 · Undergoing Analysis
Quick Summary
A high-severity SQL injection vulnerability in the Online Examination System 1.0 allows attackers to inject SQL through the username and password fields of the login page. This matters because it is easy to exploit and can give attackers full control over the system's database.
Who is affected
All users running the affected version 1.0 are impacted. A remote attacker could steal sensitive data like exam questions and student credentials, or take over the entire system.
Recommended fix
Immediately apply any official patch from the vendor. If no patch is available, use parameterized queries to fix the SQL injection in the `login.php` file and deploy a Web Application Firewall (WAF) as a temporary mitigation.
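One way to apply the parameterized-query fix in a PHP login handler, shown as an added example that is not the project's own code. The `users` table, its `id`, `username` and `password_hash` columns, the MySQL DSN and the credentials are assumptions, since the application's schema and source are not shown here; it also assumes passwords are stored with `password_hash()`.

```php
<?php
// Added example: login lookup with PDO prepared statements.
// Table/column names and connection values are assumptions, not the project's.
declare(strict_types=1);

function open_db(): PDO
{
    // Placeholder DSN and credentials; replace with the deployment's own.
    return new PDO('mysql:host=localhost;dbname=exam;charset=utf8mb4', 'exam_app', 'CHANGE_ME', [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        // Use server-side prepares instead of client-side emulation.
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

function authenticate(PDO $db, string $username, string $password): ?int
{
    // The username is bound as data and never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch();

    // The password is checked in PHP against a stored hash, not inside the query.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    // Reject array parameters (username[]=...) and oversized values before querying.
    if (!is_string($username) || !is_string($password) || strlen($username) > 64) {
        http_response_code(400);
        exit;
    }
    $userId = authenticate(open_db(), $username, $password);
    if ($userId === null) {
        http_response_code(401);
        exit('Invalid username or password.');
    }
    session_start();
    session_regenerate_id(true); // issue a fresh session ID after login
    $_SESSION['user_id'] = $userId;
}
```

The same binding approach applies to every other query in the application that takes request input; a WAF rule only narrows exposure until those queries are converted.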
Technical Description
A vulnerability was identified in code-projects Online Examination System 1.0. The issue affects unspecified functionality in the file `login.php`. Manipulating the `username`/`password` arguments leads to SQL injection. The attack can be launched remotely.
CVSS Details
Attack Vector: NETWORK
Complexity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-89, CWE-74