Description
A vulnerability was detected in code-projects Student Web Portal 1.0. This impacts an unknown function of the file /check_user.php. Performing a manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely.
Published: 2026-02-08
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Apply Patch
AI Analysis

Impact

The Student Web Portal 1.0 includes an input-based SQL injection vulnerability in /check_user.php, where a malicious actor can manipulate the Username parameter and inject arbitrary SQL statements. This flaw permits execution of unintended SQL code and can be triggered remotely.

Affected Systems

Affected software is code‑projects Student Web Portal version 1.0, as indicated by the reference to the product name and the version identifier in the CPE string. No other affected versions are listed.

Risk and Exploitability

The CVSS base score of 6.9 denotes a moderate severity, while the EPSS score of less than 1% suggests the likelihood of exploitation is currently very low. The vulnerability is not yet identified in the CISA KEV catalog. Attackers can exploit it remotely by sending crafted HTTP requests to the Username field, without needing elevated privileges or local access. The flaw allows execution of arbitrary SQL, but the CVE does not specify the exact impact.

Generated by OpenCVE AI on April 18, 2026 at 13:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest security patch or upgrade to a version of the Student Web Portal that eliminates the SQL injection flaw.
  • Modify the Username input handling to use parameterized queries or prepared statements, preventing direct inclusion of user data in SQL commands.
  • Deploy a web application firewall or input sanitization layer to detect and block typical SQL injection payloads.

Generated by OpenCVE AI on April 18, 2026 at 13:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 11 Feb 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Carmelo
Carmelo student Web Portal
CPEs cpe:2.3:a:carmelo:student_web_portal:1.0:*:*:*:*:*:*:*
Vendors & Products Carmelo
Carmelo student Web Portal

Mon, 09 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 09 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Code-projects
Code-projects student Web Portal
Vendors & Products Code-projects
Code-projects student Web Portal

Sun, 08 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in code-projects Student Web Portal 1.0. This impacts an unknown function of the file /check_user.php. Performing a manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely.
Title code-projects Student Web Portal check_user.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X'}

Subscriptions

Carmelo Student Web Portal
Code-projects Student Web Portal
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:43:20.012Z

Reserved: 2026-02-07T08:50:06.608Z

Link: CVE-2026-2158

cve-icon Vulnrichment

Updated: 2026-02-09T18:55:40.312Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-08T15:15:52.490

Modified: 2026-02-11T18:44:13.763

Link: CVE-2026-2158

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T13:15:25Z

Weaknesses