CVE-2026-2173
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
2Description
A vulnerability was identified in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely.
Analysis
SQL injection in code-projects Online Examination System 1.0 allows unauthenticated remote attackers to manipulate the username and password parameters in login.php, potentially enabling unauthorized access to sensitive data or system compromise. The vulnerability requires no user interaction and can be exploited over the network with low complexity. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems running code-projects Online Examination System 1.0 and isolate affected instances from production networks if possible; enable enhanced logging on login.php and monitor for suspicious authentication attempts. Within 7 days: Deploy Web Application Firewall (WAF) rules to restrict access to login.php, implement IP whitelisting for administrative access, and conduct a security audit of recent login logs for indicators of compromise. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today