Description
A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely.
Published: 2026-03-31
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection enabling unauthorized data access
Action: Immediate Patch
AI Analysis

Impact

A flaw in the Student Membership System's User Registration Handler permits SQL injection. An attacker can craft input that is incorporated into a SQL statement and executed against the database, potentially allowing unauthorized read or modify operations on sensitive data. The weakness is classified as CWE-89 (SQL Injection) and the broader CWE-74 (Injection: improper neutralization of special elements in output used by a downstream component). This type of vulnerability compromises the confidentiality and integrity of user information.

Affected Systems

The Student Membership System version 1.0 from code‑projects is affected. No other versions are listed, so current deployments of 1.0 remain vulnerable until patched.

Risk and Exploitability

A CVSS score of 6.9 is rated Medium, and the attack can be launched remotely via the public registration interface. EPSS data is unavailable and the vulnerability is not in the CISA KEV catalog, suggesting it is not yet widely exploited. The likely attack vector is remote submission of malicious registration data, which requires only web access to the affected component.

Generated by OpenCVE AI on March 31, 2026 at 09:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch for Student Membership System 1.0 when it becomes available.
  • Modify the User Registration Handler to use parameterized queries or properly escape all user-provided input.
  • Limit registration to authenticated or trusted users and consider adding rate limiting to the endpoint.
  • Regularly review application logs for anomalous SQL behavior to detect potential exploitation attempts.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Code-projects; Code-projects student Membership System
Vendors & Products | | Code-projects; Code-projects student Membership System

Tue, 31 Mar 2026 13:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 31 Mar 2026 08:30:00 +0000

Type | Values Removed | Values Added
Description | | A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely.
Title | | code-projects Student Membership System User Registration sql injection
Weaknesses | | CWE-74; CWE-89
References | |
Metrics | | cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}
 | | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}
 | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-31T12:45:21.409Z

Reserved: 2026-03-30T22:23:58.320Z

Link: CVE-2026-5195

Vulnrichment

Updated: 2026-03-31T12:45:16.174Z

NVD

Status: Awaiting Analysis

Published: 2026-03-31T09:16:23.013

Modified: 2026-04-01T14:24:02.583

Link: CVE-2026-5195

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T09:10:28Z