Description
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_view.php.
Published: 2026-03-02
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL Injection enabling unauthorized data access
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a classic SQL injection flaw in the web application's modal_view.php script. An attacker can supply crafted input that is not properly sanitized and is executed by the underlying database, potentially disclosing sensitive student and alumni records or modifying stored data. The weakness corresponds to Common Weakness Enumeration identifier CWE-89.

Affected Systems

The affected software is Carmelo's Simple Student Alumni System, version 1.0, as deployed from the source at the referenced GitHub repository. No other vendors or product versions are listed as impacted.

Risk and Exploitability

The CVSS base score of 9.8 places the flaw in the critical severity range, while the EPSS score of less than 1 percent suggests that real-world exploitation is currently rare. The CVSS vector (AV:N/AC:L/PR:N/UI:N) describes a network attack vector through the web interface that requires no authentication, elevated privileges or user interaction. The vulnerability is not listed in the CISA KEV catalog, meaning no exploitation in the wild has been catalogued yet. Nonetheless, the severity warrants early attention and mitigation.

Generated by OpenCVE AI on April 16, 2026 at 14:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor's security update or upgrade to a patched version of Simple Student Alumni System
  • Implement input validation and use prepared statements or parameterized queries for all database access, so that user input is never interpreted as SQL
  • Restrict the database user privileges to the minimum necessary for the application, limiting potential damage if an injection succeeds

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Title SQL Injection in Simple Student Alumni System 1.0 via modal_view.php

Wed, 04 Mar 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Code-projects
Code-projects simple Student Alumni System
Vendors & Products Code-projects
Code-projects simple Student Alumni System

Tue, 03 Mar 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Carmelo
Carmelo simple Student Alumni System
CPEs cpe:2.3:a:carmelo:simple_student_alumni_system:1.0:*:*:*:*:*:*:*
Vendors & Products Carmelo
Carmelo simple Student Alumni System

Tue, 03 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 02 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Description code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_view.php.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-03T14:55:06.537Z

Reserved: 2026-02-16T00:00:00.000Z

Link: CVE-2026-26694

Vulnrichment

Updated: 2026-03-03T14:55:00.510Z

NVD

Status: Analyzed

Published: 2026-03-02T15:16:36.203

Modified: 2026-03-03T19:44:43.503

Link: CVE-2026-26694

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T15:00:14Z

Weaknesses