Is PHP affected by CVE-2026-2087?

A high-severity vulnerability exists in the SourceCodester Online Class Record System's admin login functionality that could allow attackers to compromise administrative accounts and gain unauthorized access to student records and system controls.

CVE-2026-2087

HIGH

2026-02-07 [email protected]

7.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Feb 07, 2026 - 14:16 nvd

HIGH 7.3

Description

A flaw has been found in SourceCodester Online Class Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. This manipulation of the argument user_email causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.

Analysis

SQL injection in SourceCodester Online Class Record System 1.0 allows unauthenticated remote attackers to manipulate the user_email parameter in /admin/login.php, potentially enabling unauthorized data access and modification. Public exploit code exists for this vulnerability, and no patch is currently available.

Remediation

Within 24 hours: Immediately isolate affected systems from production networks or restrict access to the admin login page to trusted IP addresses only. Within 7 days: Conduct a security audit of login logs for suspicious activity and reset all administrative credentials; contact SourceCodester for patch availability and timeline. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +36

POC: 0

CVE-2026-2087 vulnerability details – vuln.today

Back

CVE-2026-2087

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-2087

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code