Description
A vulnerability was determined in code-projects Online Application System for Admission 1.0. Affected by this vulnerability is an unknown functionality of the file enrollment/index.php of the component Login Endpoint. Executing a manipulation can lead to SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
Published: 2026-02-08
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Data Compromise via SQL Injection
Action: Immediate Patch
AI Analysis

Impact

A flaw in the login endpoint of the Online Application System for Admission allows injection of arbitrary SQL through unchecked user input. The vulnerability arises from an unknown functionality in enrollment/index.php that fails to properly sanitize or parameterize the input, enabling an attacker to execute arbitrary SQL statements. If successfully exploited, a remote attacker could read sensitive data, modify or delete records, and possibly gain further access to the underlying system, depending on the database permissions.

Affected Systems

The affected product is the Online Application System for Admission by code‑projects, version 1.0. The vulnerability is located in the login endpoint "enrollment/index.php" and is specific to this release; no fixed version is known to be available yet.

Risk and Exploitability

The CVSS score of 6.9 rates the vulnerability as Medium severity, and the EPSS score of less than 1% indicates a low probability of exploitation in the wild at present, though the issue has been publicly disclosed. The attack can be launched remotely through the login functionality, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires only the ability to send crafted input to the login endpoint, making it an easy target for automated scanners.

Generated by OpenCVE AI on April 17, 2026 at 21:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor patch or upgrade to a non‑vulnerable version as recommended by code‑projects.
  • As a temporary measure, ensure that all user input to the login endpoint is escaped or processed using prepared statements to eliminate injection opportunities.
  • Configure the database user account used by the application with the principle of least privilege, limiting it to only the necessary operations on required tables.
  • Enable logging and monitoring of unusual SQL activity to detect potential exploitation attempts.

Advisories

No advisories yet.

History

Wed, 11 Feb 2026 18:45:00 +0000

Values Removed: none
Values Added:
  • First Time appeared: Fabian; Fabian online Application System For Admission
  • CPEs: cpe:2.3:a:fabian:online_application_system_for_admission:1.0:*:*:*:*:*:*:*
  • Vendors & Products: Fabian; Fabian online Application System For Admission

Mon, 09 Feb 2026 18:15:00 +0000

Values Removed: none
Values Added:
  • Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Feb 2026 11:00:00 +0000

Values Removed: none
Values Added:
  • First Time appeared: Code-projects; Code-projects online Application System For Admission
  • Vendors & Products: Code-projects; Code-projects online Application System For Admission

Sun, 08 Feb 2026 18:30:00 +0000

Values Removed: none
Values Added:
  • Description: A vulnerability was determined in code-projects Online Application System for Admission 1.0. Affected by this vulnerability is an unknown functionality of the file enrollment/index.php of the component Login Endpoint. Executing a manipulation can lead to SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
  • Title: code-projects Online Application System for Admission Login Endpoint index.php sql injection
  • Weaknesses: CWE-74; CWE-89
  • References:
  • Metrics:
      cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
      cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:46:22.225Z

Reserved: 2026-02-07T14:52:29.361Z

Link: CVE-2026-2172

Vulnrichment

Updated: 2026-02-09T18:02:30.600Z

NVD

Status: Analyzed

Published: 2026-02-08T19:16:21.240

Modified: 2026-02-11T18:40:34.150

Link: CVE-2026-2172

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T22:00:11Z
