Description
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudent_edit.php.
Published: 2026-03-02
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Patch
AI Analysis

Impact

Simple Student Alumni System version 1.0 contains a classic SQL injection flaw in the /TracerStudy/recordstudent_edit.php script. An attacker can supply crafted input that bypasses query logic and manipulates the underlying SQL statements. This lets an adversary read, modify, or delete data in the database, potentially revealing personal information and disrupting system operations.

Affected Systems

Only the open‑source "Simple Student Alumni System" developed by the community, version 1.0, is affected. No vendor or patch version information is listed beyond the product name and version.

Risk and Exploitability

Based on the description, it is inferred that the attack vector is remote over the web interface, as the vulnerability resides in a publicly accessible PHP script that accepts user input. The flaw results from unsanitized input concatenated directly into SQL statements, creating a classic CWE-89 vulnerability. The CVSS score of 9.8 indicates critical severity, while an EPSS score of less than 1 percent suggests a low current exploitation probability. The vulnerability is not yet recorded in CISA's KEV catalog, but the lack of a KEV listing does not diminish the risk of unnoticed attacks.

Generated by OpenCVE AI on April 17, 2026 at 13:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a patch for Simple Student Alumni System when one becomes available
  • Replace string concatenation of user input with parameterized queries or stored procedures in recordstudent_edit.php to eliminate the injection surface
  • Deploy a web application firewall or intrusion detection system to detect and block suspicious SQL injection patterns


Advisories

No advisories yet.

History

Fri, 17 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
Title SQL Injection Vulnerability in Simple Student Alumni System v1.0

Thu, 05 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 04 Mar 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Code-projects
Code-projects simple Student Alumni System
Vendors & Products Code-projects
Code-projects simple Student Alumni System

Tue, 03 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Carmelo
Carmelo simple Student Alumni System
Weaknesses CWE-89
CPEs cpe:2.3:a:carmelo:simple_student_alumni_system:1.0:*:*:*:*:*:*:*
Vendors & Products Carmelo
Carmelo simple Student Alumni System
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Mon, 02 Mar 2026 15:45:00 +0000

Type Values Removed Values Added
Description
Removed: code-projects Simple Student Alumni System code-projects v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudent_edit.php.
Added: code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudent_edit.php.

Mon, 02 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Description code-projects Simple Student Alumni System code-projects v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudent_edit.php.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-05T15:58:25.563Z

Reserved: 2026-02-16T00:00:00.000Z

Link: CVE-2026-26695

Vulnrichment

Updated: 2026-03-05T15:58:08.012Z

NVD

Status: Modified

Published: 2026-03-02T15:16:36.320

Modified: 2026-03-05T16:16:16.463

Link: CVE-2026-26695

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T13:45:16Z

Weaknesses