Description
A vulnerability has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This vulnerability affects unknown code of the file /login.php of the component Parameter Handler. Such manipulation of the argument Password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-04-06
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection leading to unauthorized database access
Action: Patch
AI Analysis

Impact

A flaw exists in the login.php file of the Cyber-III Student-Management-System where the Password parameter is handled insecurely. This allows attackers to inject arbitrary SQL through the Password field, enabling read or write operations on the underlying database. The vulnerability is exploitable remotely and has already been disclosed publicly, making it a practical threat for unauthorized data exposure or manipulation.

Affected Systems

The affected product is the Cyber-III Student-Management-System. Specific version details are not disclosed beyond a commit hash, and the project follows rolling releases, so users cannot pinpoint exact revisions. Any installation using the vulnerable commit range is at risk, regardless of the deployment date.

Risk and Exploitability

The CVSS score of 6.9 indicates a medium severity level. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be network-based, requiring remote access to the login endpoint, and the exploit can be executed by anyone with network visibility to the application. Given that the vendor has not yet released a patch, the risk persists until mitigations are applied.

Generated by OpenCVE AI on April 6, 2026 at 19:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify if a newer release of the Student-Management-System is available and apply it immediately.
  • Ensure that the Password field uses parameterized queries or proper input sanitization before database interaction.
  • Consider limiting database privileges for the application user to the minimum required operations.
  • Enable logging of failed login attempts and monitor for unusual traffic patterns.
  • Apply network-level filters to block suspicious traffic targeting the login endpoint.

Generated by OpenCVE AI on April 6, 2026 at 19:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Cyber-iii
Cyber-iii student-management-system
Vendors & Products Cyber-iii
Cyber-iii student-management-system

Mon, 06 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 06 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This vulnerability affects unknown code of the file /login.php of the component Parameter Handler. Such manipulation of the argument Password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
Title Cyber-III Student-Management-System Parameter login.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Cyber-iii Student-management-system
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-06T16:57:48.351Z

Reserved: 2026-04-06T08:14:06.652Z

Link: CVE-2026-5669

cve-icon Vulnrichment

Updated: 2026-04-06T16:57:41.499Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-06T17:17:15.250

Modified: 2026-04-07T13:20:11.643

Link: CVE-2026-5669

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-06T21:31:36Z

Weaknesses