Description
A vulnerability was identified in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely.
Published: 2026-02-08
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Patch
AI Analysis

Impact

This vulnerability resides in the login.php file of version 1.0 of the Online Examination System and allows a remote attacker to manipulate the username and password parameters to inject arbitrary SQL statements. The injection can lead to unauthorized extraction or alteration of user data stored in the database, potentially exposing sensitive examination information or modifying user credentials.

Affected Systems

The affected product is code‑projects Online Examination System version 1.0 for which the vendor is code‑projects. No other versions are currently listed as vulnerable.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity, but the EPSS score of less than 1% shows that exploitation is unlikely at present. The vulnerability is not included in the CISA KEV catalog. A remote attacker would need to supply crafted credentials through the login interface; no elevated privileges or local access are required.

Generated by OpenCVE AI on April 17, 2026 at 21:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑provided patch or upgrade to a version that fixes the login input handling.
  • Modify the application to use parameterized queries or an ORM for all credential validation to prevent SQL injection.
  • Configure logging and intrusion detection to alert on repeated malformed login attempts.

Generated by OpenCVE AI on April 17, 2026 at 21:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 11 Feb 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Fabian
Fabian online Examination System
CPEs cpe:2.3:a:fabian:online_examination_system:1.0:*:*:*:*:*:*:*
Vendors & Products Fabian
Fabian online Examination System

Mon, 09 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 09 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Code-projects
Code-projects online Examination System
Vendors & Products Code-projects
Code-projects online Examination System

Sun, 08 Feb 2026 19:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely.
Title code-projects Online Examination System login.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:ND'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X'}

Subscriptions

Code-projects Online Examination System
Fabian Online Examination System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:46:34.810Z

Reserved: 2026-02-07T14:54:02.677Z

Link: CVE-2026-2173

cve-icon Vulnrichment

Updated: 2026-02-09T17:32:27.394Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-08T19:16:21.420

Modified: 2026-02-11T18:39:47.593

Link: CVE-2026-2173

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T22:00:11Z

Weaknesses