CVE-2026-2171

Name of the Vulnerable Software and Affected Versions code-projects Online Student Management System version 1.0

Description A flaw exists in the Login component of the Online Student Management System. Specifically, a SQL injection issue is present in the accounts.php file due to manipulation of the username and password arguments. This issue can be exploited remotely. The exploit has been publicly released.

Recommendations Apply any available updates to address the SQL injection issue in the accounts.php file. As a temporary workaround, restrict access to the accounts.php file to minimize the risk of exploitation. Sanitize the username and password parameters before using them in database queries.