PT-2026-7003 · Unknown · Online Student Management System

Imcoming

Published

2026-02-08

Updated

2026-02-23

CVE-2026-2171

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions code-projects Online Student Management System version 1.0

Description A flaw exists in the Login component of the Online Student Management System. Specifically, a SQL injection issue is present in the accounts.php file due to manipulation of the username and password arguments. This issue can be exploited remotely. The exploit has been publicly released.

Recommendations Apply any available updates to address the SQL injection issue in the accounts.php file. As a temporary workaround, restrict access to the accounts.php file to minimize the risk of exploitation. Sanitize the username and password parameters before using them in database queries.

Fix

SQL injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89CWE-74

Related Identifiers

CVE-2026-2171

Affected Products

Online Student Management System

PT-2026-7003 · Unknown · Online Student Management System

CVE-2026-2171

Weakness Enumeration

Related Identifiers

Affected Products

References · 13