Description
A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. It affects an unknown function of the Login Page component. Manipulating the argument email leads to SQL injection. The attack can be launched remotely. An exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded.
Published: 2026-05-30
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw was discovered in the login page of sambitraj's STUDENT-MANAGEMENT-SYSTEM, where the email input is incorporated directly into a SQL statement. By manipulating the email argument, an unauthenticated attacker can inject arbitrary SQL, enabling disclosure, modification, or deletion of data held by the application. The record lists CWE-89 (SQL Injection) together with its parent CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component); the operative weakness is SQL injection.

Affected Systems

The affected product is sambitraj's STUDENT-MANAGEMENT-SYSTEM, version 1.0, distributed from a public GitHub repository. No other versions are listed as affected, and no fix had been released as of this advisory. The issue is in the login functionality exposed through the web interface.

Risk and Exploitability

The CVSS 4.0 base score is 6.9 (Medium); the CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) scores 7.3. The EPSS score is below 1%, but the advisory notes that an exploit has been published and can be run remotely against the exposed login page. The vulnerability is not listed in the CISA KEV catalog, yet the vector shows it is reachable over the network with no privileges or user interaction required. With no official patch available, the exposure persists until the underlying code is corrected or the endpoint is mitigated.

Generated by OpenCVE AI on May 30, 2026 at 09:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Replace the direct string construction of the SQL query with a parameterized statement (prepared statement or bind variables); this is the fix that removes the injection.
  • As defence in depth, validate the email input against a strict email format before it reaches the database layer; validation alone does not remove the injection and must not be relied on as the only control.
  • If an immediate code fix is unavailable, restrict or disable the exposed login endpoint and enforce strict network or access controls until the code is corrected.
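The first two actions side by side, as an added example that is not the project's code: the project's language, schema and query are not known from this record, so the table, column names and payload below are constructed for illustration only. It shows a login query built by string formatting, the same query with bind variables, and a strict email format check in front of it, all exercised against an in-memory SQLite database with a tautology payload in the email argument.

```python
import re
import sqlite3

# Constructed demo schema and data. The real project's table layout is not
# described in the advisory; this only reproduces the weakness class.
def build_demo_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL, password TEXT NOT NULL)"
    )
    conn.execute(
        "INSERT INTO users (email, password) VALUES ('admin@example.com', 'correct-horse')"
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, email: str, password: str) -> bool:
    # The pattern the advisory describes: the email argument is pasted into the
    # statement text, so quote characters in it change the query's structure.
    sql = f"SELECT id FROM users WHERE email = '{email}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, email: str, password: str) -> bool:
    # Bind variables: the driver passes the values separately from the statement
    # text, so the input is never parsed as SQL.
    sql = "SELECT id FROM users WHERE email = ? AND password = ?"
    return conn.execute(sql, (email, password)).fetchone() is not None


# Deliberately narrow allow-list for the email format (defence in depth, not a
# replacement for parameterization): one local part, one '@', a dotted domain.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def is_valid_email(value: str) -> bool:
    return len(value) <= 254 and EMAIL_RE.fullmatch(value) is not None


def login_hardened(conn: sqlite3.Connection, email: str, password: str) -> bool:
    # Reject malformed input before it reaches the database layer, then still
    # use the parameterized query.
    if not is_valid_email(email):
        return False
    return login_parameterized(conn, email, password)


# Constructed tautology payload for the email argument; the SQL comment '--'
# drops the password comparison from the vulnerable query.
TAUTOLOGY_EMAIL = "' OR '1'='1' -- "


def run_demo() -> dict:
    conn = build_demo_db()
    results = {
        "vulnerable_with_payload": login_vulnerable(conn, TAUTOLOGY_EMAIL, "wrong"),
        "parameterized_with_payload": login_parameterized(conn, TAUTOLOGY_EMAIL, "wrong"),
        "hardened_with_payload": login_hardened(conn, TAUTOLOGY_EMAIL, "wrong"),
        "hardened_valid_login": login_hardened(conn, "admin@example.com", "correct-horse"),
        "hardened_wrong_password": login_hardened(conn, "admin@example.com", "wrong"),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {'authenticated' if ok else 'rejected'}")
```

Only the string-built query authenticates with the payload; the parameterized query treats the same bytes as a literal email that matches no row, and the format check rejects it before any query runs. The check is an allow-list on shape rather than a blocklist of quote characters, which is why it also stops payloads that avoid the apostrophe.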

Advisories

No advisories yet.

History

Sat, 30 May 2026 08:15:00 +0000

Type Values Removed Values Added
Description A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Login Page. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Title sambitraj STUDENT-MANAGEMENT-SYSTEM Login Page sql injection
First Time appeared Sambitraj
Sambitraj student-management-system
Weaknesses CWE-74
CWE-89
CPEs cpe:2.3:a:sambitraj:student-management-system:*:*:*:*:*:*:*:*
Vendors & Products Sambitraj
Sambitraj student-management-system
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


Subscriptions

Sambitraj Student-management-system
MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-30T07:45:07.947Z

Reserved: 2026-05-29T17:06:47.758Z

Link: CVE-2026-10111

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-30T08:16:16.013

Modified: 2026-05-30T08:16:16.013

Link: CVE-2026-10111

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-30T10:00:10Z

Weaknesses