PT-2026-29214 · Code Projects · Student Membership System
Nomath
·
Published
2026-03-31
·
Updated
2026-03-31
·
CVE-2026-5196
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
code-projects Student Membership System version 1.0
Description
A flaw exists in code-projects Student Membership System version 1.0 that allows for SQL injection. The issue is located in the
/delete member.php file, specifically through manipulation of the ID argument. This allows for remote attacks. The exploit for this issue has been publicly disclosed.Recommendations
Apply any available updates to address the SQL injection issue in the
/delete member.php file.
As a temporary workaround, consider restricting access to the /delete member.php file until a patch is available.
Sanitize the ID input parameter to prevent SQL injection attacks.Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Student Membership System