Description
A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument roll results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
Published: 2026-05-30
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in the Student Details Management System version 1.0, specifically within the /index.php file that processes the roll query string. By manipulating the roll argument, an attacker can inject arbitrary SQL statements, giving them the ability to read, modify, or delete database records. This flaw is a classic example of CWE‑89 (SQL Injection) and CWE‑74 (Unvalidated Hyperlink or HTML References), indicating insufficient input validation and lack of parameterized queries.

Affected Systems

The affected product is code-projects' Student Details Management System 1.0. No other vendors, products, or versions are listed as impacted, so risk is confined to installations of this exact version that expose the vulnerable /index.php endpoint.

Risk and Exploitability

The CVSS Base Score of 6.9 classifies this as a moderate severity vulnerability. EPSS information is not available, and the flaw is not listed in the CISA KEV catalog. However, the exploit is publicly available and can be triggered remotely without authentication by crafting a specially‑formatted URL containing the roll parameter with SQL payloads. The public nature of the exploit raises the likelihood of real‑world attacks that could compromise confidentiality and integrity of student data.

Generated by OpenCVE AI on May 30, 2026 at 08:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest release of the Student Details Management System that removes the vulnerable code or incorporates parameterized queries for the roll parameter.
  • If an immediate update is not possible, enforce strict input validation so that the roll value contains only numeric characters, and use prepared statements to prevent SQL injection.
  • Restrict the database user that the application uses to the minimal set of privileges required, eliminating direct SELECT/UPDATE rights on sensitive tables.


Advisories

No advisories yet.

History

Sat, 30 May 2026 07:15:00 +0000

Values Added (no Values Removed are listed for this entry):

  • Description: A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument roll results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
  • Title: code-projects Student Details Management System index.php sql injection
  • First Time appeared: Code-projects; Code-projects student Details Management System
  • Weaknesses: CWE-74, CWE-89
  • CPEs: cpe:2.3:a:code-projects:student_details_management_system:*:*:*:*:*:*:*:*
  • Vendors & Products: Code-projects; Code-projects student Details Management System
  • References:
  • Metrics:
      cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
      cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-30T06:00:13.548Z

Reserved: 2026-05-29T17:04:59.000Z

Link: CVE-2026-10110

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-30T07:16:27.813

Modified: 2026-05-30T07:16:27.813

Link: CVE-2026-10110

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-30T10:00:10Z

Weaknesses