PT-2026-6907 · Unknown · Sourcecodester Online Class Record System
Mrcc
·
Published
2026-02-07
·
Updated
2026-02-07
·
CVE-2026-2087
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SourceCodester Online Class Record System version 1.0
Description
A flaw exists in SourceCodester Online Class Record System 1.0. The issue is related to the manipulation of the
user email argument within the file '/admin/login.php', leading to a SQL injection condition. This manipulation can be initiated remotely. The exploit has been published.Recommendations
Apply any available updates or patches for SourceCodester Online Class Record System version 1.0.
As a temporary workaround, restrict access to the /admin/login.php file.
Sanitize the
user email input to prevent SQL injection attacks.Exploit
Fix
SQL injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sourcecodester Online Class Record System