Description
Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login page.
Published: 2026-05-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Prison Management System version 1.0 contains a classic SQL injection flaw—CWE‑89—that allows an attacker to supply malicious input via the username field on the admin login page. This input can modify the database query executed by the server, potentially enabling data extraction, modification of records, or privilege escalation depending on the underlying database permissions. The vulnerability directly impacts confidentiality and integrity of the system’s stored information.

Affected Systems

The affected product is the PHP-based Prison Management System, version 1.0, distributed to correctional facilities and related administrative environments.

Risk and Exploitability

The EPSS score is not available, and the vulnerability is not listed as a CISA KEV, so current exploitation data is unknown. However, the nature of the flaw—unfiltered username input used in a database query—provides a straightforward attack path for anyone who can reach the login page. Without proper mitigation, the risk of exploitation is significant, particularly in contexts where the database user has broad access rights.

Generated by OpenCVE AI on May 8, 2026 at 06:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest version of the Prison Management System if a patch is released by the vendor
  • Refactor the login code to use prepared statements or parameterized queries so that user input cannot alter the SQL structure
  • Ensure that the database account used by the application has the least privileges necessary, restricting its ability to modify or delete data
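
The parameterized-query recommendation above, sketched as an added example; it is not code from the Prison Management System. The `admin` table, its columns, the `find_admin` function and the sample account are all hypothetical, and an in-memory SQLite database stands in for the application's real database.

```php
<?php
declare(strict_types=1);

// Hypothetical schema (assumption, not the product's): admin(id, username, password_hash).
// Returns the admin id on a successful login, or null otherwise.
function find_admin(PDO $db, string $username, string $password): ?int
{
    // The SQL text is fixed; the username travels separately as a bound value,
    // so quotes or comment markers in it cannot change the query structure.
    $stmt = $db->prepare('SELECT id, password_hash FROM admin WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare the password in PHP against a stored hash instead of inside the SQL.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Constructed demo data on an in-memory SQLite database.
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false so that
// the server performs the parameter binding.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (
    id INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,
    password_hash TEXT NOT NULL
)');
$ins = $db->prepare('INSERT INTO admin (username, password_hash) VALUES (?, ?)');
$ins->execute(['warden', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs: a valid login, a wrong password, and a username that
// contains SQL metacharacters. The last one is looked up as a literal string,
// matches no row, and is rejected like any unknown user.
$cases = [
    ['warden', 'correct horse'],
    ['warden', 'wrong password'],
    ["warden' OR '1'='1", 'anything'],
];
foreach ($cases as [$user, $pass]) {
    $id = find_admin($db, $user, $pass);
    printf("%-22s => %s\n", $user, $id === null ? 'rejected' : "admin id $id");
}
```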

Advisories

No advisories yet.

History

Fri, 08 May 2026 07:15:00 +0000

Type | Values Removed | Values Added
Title | | SQL Injection Vulnerability in Prison Management System Admin Login
Weaknesses | | CWE-89

Fri, 08 May 2026 05:45:00 +0000

Type | Values Removed | Values Added
Description | | Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login page.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-08T05:02:43.450Z

Reserved: 2024-04-23T00:00:00.000Z

Link: CVE-2024-33288

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-08T06:16:09.293

Modified: 2026-05-08T06:16:09.293

Link: CVE-2024-33288

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T07:00:04Z

Weaknesses