Description
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=.
Published: 2026-03-02
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Database Compromise
Action: Check for patch
AI Analysis

Impact

SQL injection is present in the Simple Student Alumni System v1.0, specifically through the teacherID parameter of the /TracerStudy/recordteacher_view.php endpoint. The flaw allows an attacker to inject arbitrary SQL statements, which can lead to viewing, updating, or deleting data stored in the underlying database. This threatens the confidentiality and integrity of student and alumni records.

Affected Systems

The affected product is the Simple Student Alumni System, version 1.0. No specific vendors are listed in the CNA data; the vulnerability is tied to this single software release.

Risk and Exploitability

The CVSS score of 4.9 places this issue in the moderate range, yet the EPSS score of less than 1 percent indicates that widespread exploitation is currently unlikely. The vulnerability is not listed in the CISA KEV catalog, and the attack vector is inferred to be remote via the web interface, as it is triggered by supplying a crafted teacherID value in an HTTP request.

Generated by OpenCVE AI on April 16, 2026 at 14:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Simple Student Alumni System to a release that addresses the SQL injection flaw; if no patch is available, plan to replace the application with a secure alternative.
  • Modify the teacherID handling code to use prepared statements or properly escaped queries so that user input cannot alter SQL intent.
  • Limit the database user used by the application to only the permissions required for normal operation, removing any unnecessary write or administrative rights.

Generated by OpenCVE AI on April 16, 2026 at 14:45 UTC.
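
Since no vendor fix is listed, reviewing web server logs for unexpected teacherID values on the affected endpoint is a practical interim check. The Python script below is an added example, not code from OpenCVE or the project; it assumes combined-format access logs and that legitimate teacherID values are plain integers, and its sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the CVE description.
ENDPOINT = "/TracerStudy/recordteacher_view.php"
PARAM = "teacherID"
# Assumption (not stated on the page): valid teacherID values are short decimal integers.
VALID_ID = re.compile(r"\d{1,10}")
# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_teacher_ids(line):
    """Return the decoded teacherID values on this log line that are not plain integers."""
    match = REQUEST.search(line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    if target.path.lower() != ENDPOINT.lower():
        return []
    # parse_qs percent-decodes values and keeps every repeat of the parameter.
    values = parse_qs(target.query, keep_blank_values=True).get(PARAM, [])
    return [v for v in values if not VALID_ID.fullmatch(v)]


def scan(lines):
    """Return (line_number, client_ip, bad_values) for each flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        bad = suspicious_teacher_ids(line)
        if bad:
            hits.append((number, line.split(" ", 1)[0], bad))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Mar/2026:10:00:01 +0000] "GET /TracerStudy/recordteacher_view.php?teacherID=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [02/Mar/2026:10:00:09 +0000] "GET /TracerStudy/recordteacher_view.php?teacherID=12%27 HTTP/1.1" 500 312',
    '192.0.2.10 - - [02/Mar/2026:10:00:15 +0000] "GET /TracerStudy/index.php?teacherID=abc HTTP/1.1" 200 900',
    '203.0.113.5 - - [02/Mar/2026:10:01:02 +0000] "GET /TracerStudy/recordteacher_view.php?teacherID=3&teacherID=3+OR+1%3D1 HTTP/1.1" 200 48211',
]

if __name__ == "__main__":
    for number, client, bad in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent non-integer {PARAM}: {bad}")
```

Access logs record only the query string, so values sent in a request body are not covered by this check.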

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 15:15:00 +0000

Type: Title
Values Added: SQL Injection in Simple Student Alumni System v1.0

Wed, 04 Mar 2026 11:00:00 +0000

Type: First Time appeared
Values Added: Code-projects; Code-projects simple Student Alumni System

Type: Vendors & Products
Values Added: Code-projects; Code-projects simple Student Alumni System

Tue, 03 Mar 2026 19:45:00 +0000

Type: First Time appeared
Values Added: Carmelo; Carmelo simple Student Alumni System

Type: CPEs
Values Added: cpe:2.3:a:carmelo:simple_student_alumni_system:1.0:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Carmelo; Carmelo simple Student Alumni System

Mon, 02 Mar 2026 19:15:00 +0000

Type: Weaknesses
Values Added: CWE-89

Type: Metrics
Values Added:
cvssV3_1: {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 02 Mar 2026 15:45:00 +0000

Type: Description
Values Removed: code-projects Simple Student Alumni System code-projects v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=.
Values Added: code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=.

Mon, 02 Mar 2026 14:15:00 +0000

Type: Description
Values Added: code-projects Simple Student Alumni System code-projects v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=.

Type: References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-02T18:23:06.555Z

Reserved: 2026-02-16T00:00:00.000Z

Link: CVE-2026-26697

Vulnrichment

Updated: 2026-03-02T18:21:46.758Z

NVD

Status: Analyzed

Published: 2026-03-02T14:16:27.423

Modified: 2026-03-03T19:44:26.787

Link: CVE-2026-26697

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T15:00:14Z

Weaknesses