Description
A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
Published: 2026-04-13
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL injection allowing unauthorized data access
Action: Apply patch
AI Analysis

Impact

A vulnerability exists in the Faculty Management System 1.0’s subject-print.php file. By manipulating the ID argument, an attacker can inject arbitrary SQL statements, leading to unauthorized data access, modification or deletion. The flaw is a classic SQL injection (CWE‑74, CWE‑89) and is publicly available for exploitation.

Affected Systems

The affected product is the code‑projects Faculty Management System version 1.0. Only the /subject-print.php page is impacted, and the issue arises when the ID parameter is not properly sanitized.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity. EPSS data is missing, and the vulnerability is not listed in the CISA KEV catalog. Because the flaw can be triggered remotely through the web interface, an adversary only needs network access to the application. The public nature of the exploit increases the likelihood of abuse even though no advanced conditions are required.

Generated by OpenCVE AI on April 13, 2026 at 08:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor’s website or repository for a patched version of the Faculty Management System.
  • If no update is available, implement input validation or parameterized queries to sanitize the ID argument.
  • Deploy a web application firewall to block SQL injection attempts.
  • Limit database privileges to the minimum required for the application.
  • Regularly monitor logs for suspicious database activity.

Generated by OpenCVE AI on April 13, 2026 at 08:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Code-projects
Code-projects faculty Management System
Vendors & Products Code-projects
Code-projects faculty Management System

Mon, 13 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 07:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
Title code-projects Faculty Management System subject-print.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Code-projects Faculty Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-13T11:16:22.719Z

Reserved: 2026-04-12T20:43:43.273Z

Link: CVE-2026-6167

cve-icon Vulnrichment

Updated: 2026-04-13T11:16:17.442Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-13T07:16:51.077

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-6167

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:52:42Z

Weaknesses