CVE-2026-2171
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
2Description
A vulnerability was found in code-projects Online Student Management System 1.0. Affected is an unknown function of the file accounts.php of the component Login. Performing a manipulation of the argument username/password results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.
Analysis
SQL injection in the login function of code-projects Online Student Management System 1.0 allows unauthenticated attackers to manipulate username and password parameters in accounts.php, enabling unauthorized data access, modification, and potential service disruption. Public exploit code is available for this vulnerability, increasing exploitation risk. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: isolate affected systems from production or restrict network access to authorized users only; notify all system administrators and audit recent login activity. Within 7 days: implement Web Application Firewall (WAF) rules to monitor/block suspicious authentication attempts; conduct forensic review for signs of compromise. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today