Description
Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login page.
Published: 2026-05-08
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Based on the description, the Prison Management System version 1.0 contains a classic SQL injection flaw (CWE-89): attacker-controlled input in the username field of the admin login page is incorporated into a database query, so crafted input can alter the query the server executes. Depending on the privileges of the database account, this can enable reading or modifying stored records or escalating privileges within the application. The flaw directly affects the confidentiality and integrity of the system's stored information.

Affected Systems

The affected product is the PHP-based Prison Management System, version 1.0.

Risk and Exploitability

The EPSS score is reported as < 1% and the CVSS score is 7.3 (High), indicating a high-severity flaw with a very low but nonzero predicted exploitation probability. The vulnerability is not listed in the CISA KEV catalog, so there is no confirmed report of exploitation in the wild. Based on the description, the attack vector is the web login endpoint, where SQL is injected through the username parameter. The nature of the flaw, unfiltered username input used in a database query, gives a straightforward attack path to anyone who can reach the login page, so without mitigation the risk of exploitation is significant, particularly where the database account has broad access rights.

Generated by OpenCVE AI on May 8, 2026 at 21:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest version of the Prison Management System if a patch is released by the vendor
  • Refactor the login code to use prepared statements or parameterized queries so that user input cannot alter the SQL structure
  • Ensure that the database account used by the application has the least privileges necessary, restricting its ability to modify or delete data
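As an added illustration of the second and third recommendations, and not code from the Prison Management System project: a constructed PHP admin-login check in the string-concatenation style that CWE-89 describes, beside the same check rewritten as a PDO prepared statement. The table and column names, the use of password hashes, and the database account name are assumptions.

```php
<?php
// Constructed example; not the Prison Management System's own code.
// Assumed schema: table `admin` with columns `username` and `password_hash`.

// Vulnerable pattern (CWE-89): the username is spliced into the query text,
// so quote characters or SQL syntax in the input change the statement itself.
function adminLoginVulnerable(PDO $db, string $username, string $password): bool
{
    $sql = "SELECT password_hash FROM admin WHERE username = '$username'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($password, $row['password_hash']);
}

// Hardened form: the query text and the username travel to the server
// separately, so the username can only ever be compared as data.
function adminLoginSafe(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM admin WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($password, $row['password_hash']);
}

// Connection for the hardened version. Emulated prepares are disabled so the
// database server, not the PHP driver, binds the parameter. The account
// `pms_login` is assumed to hold only SELECT on the tables the login needs,
// which is the least-privilege point of the third recommendation.
function connectLeastPrivilege(string $dsn, string $secret): PDO
{
    return new PDO($dsn, 'pms_login', $secret, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}
```

The two login functions run the same query text; the only difference is whether the username reaches the database as part of the statement or as a bound parameter, which is exactly the distinction the prepared-statement recommendation relies on.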

Advisories

No advisories yet.

History

Mon, 11 May 2026 17:00:00 +0000

Type: First Time appeared
Values: Sourcecodester; Sourcecodester prison Management System

Type: Vendors & Products
Values: Sourcecodester; Sourcecodester prison Management System

Fri, 08 May 2026 21:30:00 +0000

Type: Title
Values: SQL Injection Vulnerability in Prison Management System Admin Login

Fri, 08 May 2026 18:15:00 +0000

Type: Metrics
Values:

cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 08 May 2026 07:15:00 +0000

Type: Title
Values: SQL Injection Vulnerability in Prison Management System Admin Login

Type: Weaknesses
Values: CWE-89

Fri, 08 May 2026 05:45:00 +0000

Type: Description
Values: Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login page.

Type: References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-08T17:47:46.141Z

Reserved: 2024-04-23T00:00:00.000Z

Link: CVE-2024-33288

Vulnrichment

Updated: 2026-05-08T17:47:41.347Z

NVD

Status: Deferred

Published: 2026-05-08T06:16:09.293

Modified: 2026-05-08T18:16:31.953

Link: CVE-2024-33288

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-11T16:11:45Z

Weaknesses