Description
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_edit.php.
Published: 2026-03-02
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection enabling unauthorized data access
Action: Apply Fix
AI Analysis

Impact

The Simple Student Alumni System v1.0 contains an SQL Injection flaw in the modal_edit.php page. The vulnerability allows an attacker to supply crafted input that is directly incorporated into SQL statements, which can result in unauthorized data retrieval, modification, or deletion. This flaw is identified as CWE-89 and affects confidentiality, integrity, and potentially availability of the underlying data store.

Affected Systems

Carmelo Simple Student Alumni System, version 1.0, distributed as a code-projects application. No other vendors or product versions are listed in the vulnerability record.

Risk and Exploitability

The CVSS base score of 4.9 falls in the Medium range. The recorded vector, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N, describes an attack that is reachable over the network, has low complexity, requires high privileges and no user interaction, and is scored for high confidentiality impact. The EPSS score of less than 1% suggests a very low likelihood of current exploitation, and the vulnerability is not present in the CISA KEV catalog. Based on the description, the likely attack vector is the web interface, by submitting malicious input to the modal_edit.php endpoint, possibly requiring user authentication. The risk remains moderate until mitigated because unauthorized data exposure remains a serious concern.

Generated by OpenCVE AI on April 17, 2026 at 13:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Replace dynamic SQL queries in modal_edit.php with prepared statements or parameterized queries to prevent injection
  • Validate and sanitize all user inputs for the modal_edit.php endpoint to ensure they match expected formats and do not contain SQL control characters
  • Configure a web application firewall or input sanitization layer to detect and block SQL injection patterns targeting the TracerStudy/modal_edit.php URL

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 14:00:00 +0000

Type | Values Removed | Values Added
Title | | Simple Student Alumni System v1.0 SQL Injection in TracerStudy/modal_edit.php

Wed, 04 Mar 2026 11:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Code-projects; Code-projects simple Student Alumni System
Vendors & Products | | Code-projects; Code-projects simple Student Alumni System

Tue, 03 Mar 2026 19:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Carmelo; Carmelo simple Student Alumni System
CPEs | | cpe:2.3:a:carmelo:simple_student_alumni_system:1.0:*:*:*:*:*:*:*
Vendors & Products | | Carmelo; Carmelo simple Student Alumni System

Mon, 02 Mar 2026 19:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-89
Metrics | | cvssV3_1: {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}
 | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 02 Mar 2026 14:15:00 +0000

Type | Values Removed | Values Added
Description | | code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_edit.php.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-02T18:22:49.164Z

Reserved: 2026-02-16T00:00:00.000Z

Link: CVE-2026-26698

Vulnrichment

Updated: 2026-03-02T18:22:38.130Z

NVD

Status: Analyzed

Published: 2026-03-02T14:16:27.560

Modified: 2026-03-03T19:44:32.417

Link: CVE-2026-26698

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T13:45:16Z

Weaknesses