PT-2026-6989 · Code Projects · Student Web Portal

Trysec

Publicado

2026-02-08

Atualizado

2026-02-08

CVE-2026-2158

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions code-projects Student Web Portal version 1.0

Description A flaw exists in code-projects Student Web Portal 1.0 that allows for remote execution of SQL injection. The issue is located in the file /check user.php and involves manipulation of the Username argument. The vulnerable component is an unknown function within this file.

Recommendations Apply input validation and sanitization to the Username argument in the /check user.php file.

Exploit

Correção

Special Elements Injection

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-89

Identificadores relacionados

CVE-2026-2158

Produtos afetados

Student Web Portal

PT-2026-6989 · Code Projects · Student Web Portal

CVE-2026-2158

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10