Description
A vulnerability has been found in code-projects Student Membership System 1.0. Impacted is an unknown function of the file /delete_member.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Published: 2026-03-31
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL injection allowing execution of arbitrary SQL queries, potentially compromising data confidentiality and integrity.
Action: Immediate Patch
AI Analysis

Impact

The Student Membership System 1.0 contains an SQL injection flaw in delete_member.php. By manipulating the ID parameter, an attacker can inject and execute arbitrary SQL commands against the underlying database. This could lead to unauthorized data access, data modification, or deletion, thereby jeopardizing the confidentiality, integrity, and availability of the system’s data.

Affected Systems

The vulnerability affects the code‑projects Student Membership System version 1.0 only. No other products or versions are listed as affected in the available information.

Risk and Exploitability

The vulnerability carries a CVSS base score of 5.3, indicating moderate severity. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. Because the description states the attack may be initiated remotely and the exploit has been publicly disclosed, the risk of exploitation is moderate but real. An attacker with network access could potentially exploit the flaw if input validation is lacking and no additional security controls are in place.

Generated by OpenCVE AI on March 31, 2026 at 10:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade code‑projects Student Membership System to a patched version if one is released.
  • If no patch is available, modify delete_member.php to use parameterized queries or prepared statements and properly escape or validate the ID input.
  • Consider deploying a web application firewall to detect and block SQL injection attempts.
  • Monitor application logs for suspicious activity related to member deletion actions.
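One way to do the log monitoring recommended above, as an added example (not OpenCVE's or the project's code): it flags any request to /delete_member.php whose ID is not exactly one plain integer, the same rule the input validation should enforce. It assumes the ID arrives in the query string under the name `id` (matched case-insensitively) and that the web server writes Common/Combined Log Format; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: Common/Combined Log Format access log.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
STRICT_ID = re.compile(r"[0-9]{1,10}")  # allowlist: a short run of decimal digits only

def suspicious_delete_requests(lines):
    """Return (line_no, client_ip, decoded_id_values, reason) for each anomalous request."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/delete_member.php"):
            continue
        # parse_qsl percent-decodes values, so encoded characters are compared in clear.
        ids = [v for k, v in parse_qsl(url.query, keep_blank_values=True) if k.lower() == "id"]
        if len(ids) != 1:
            reason = "missing or repeated ID"
        elif not STRICT_ID.fullmatch(ids[0]):
            reason = "non-numeric ID"
        else:
            continue
        findings.append((line_no, m["ip"], ids, reason))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [31/Mar/2026:10:01:02 +0000] "GET /delete_member.php?id=14 HTTP/1.1" 302 0',
    '203.0.113.9 - - [31/Mar/2026:10:03:40 +0000] "GET /delete_member.php?id=14%27 HTTP/1.1" 500 312',
    '203.0.113.9 - - [31/Mar/2026:10:03:44 +0000] "GET /delete_member.php?id=14&id=15 HTTP/1.1" 302 0',
    '198.51.100.4 - - [31/Mar/2026:10:05:00 +0000] "GET /members.php?id=abc HTTP/1.1" 200 5120',
    '198.51.100.4 - - [31/Mar/2026:10:05:09 +0000] "GET /app/delete_member.php?ID=+14 HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for line_no, ip, ids, reason in suspicious_delete_requests(SAMPLE):
        print(f"line {line_no}: {ip} {reason}: {ids!r}")
```

Access logs record only the request line, so an ID sent in a POST body is not visible to this check and would need application-level logging.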

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Code-projects; Code-projects student Management System
Vendors & Products | | Code-projects; Code-projects student Management System

Thu, 02 Apr 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 31 Mar 2026 09:15:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability has been found in code-projects Student Membership System 1.0. Impacted is an unknown function of the file /delete_member.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Title | | code-projects Student Membership System delete_member.php sql injection
Weaknesses | | CWE-74; CWE-89
References | |
Metrics | | cvssV2_0 {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0 {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1 {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-02T15:00:30.860Z

Reserved: 2026-03-30T22:24:03.037Z

Link: CVE-2026-5196

Vulnrichment

Updated: 2026-04-02T15:00:24.655Z

NVD

Status: Awaiting Analysis

Published: 2026-03-31T09:16:23.220

Modified: 2026-04-01T14:24:02.583

Link: CVE-2026-5196

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T08:59:31Z

Weaknesses