Skip to main content

Student Membership System CVE-2026-5195

| EUVDEUVD-2026-17341 MEDIUM
SQL Injection (CWE-89)
2026-03-31 VulDB
6.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Mar 31, 2026 - 08:30 euvd
EUVD-2026-17341
Analysis Generated
Mar 31, 2026 - 08:30 vuln.today
CVE Published
Mar 31, 2026 - 08:15 nvd
MEDIUM 6.9

DescriptionCVE.org

A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely.

AnalysisAI

SQL injection in code-projects Student Membership System 1.0 allows unauthenticated remote attackers to extract, modify, or delete database contents via the User Registration Handler component. The vulnerability has a CVSS score of 7.3 with network-based attack vector and low complexity, requiring no privileges or user interaction. EPSS data not available; no CISA KEV listing indicates confirmed actively exploited status is unknown. Publicly available exploit code exists per researcher disclosure on GitHub, elevating real-world risk for organizations running this application.

Technical ContextAI

This vulnerability stems from CWE-89 (SQL Injection), a code injection flaw where untrusted input is incorporated into SQL queries without proper sanitization or parameterization. The affected component is code-projects Student Membership System version 1.0, specifically within the User Registration Handler module (CPE: cpe:2.3:a:code-projects:student_membership_system:*:*:*:*:*:*:*:*). Student Membership System is a web-based application for managing student records and memberships. The registration handler likely processes user-supplied input fields during account creation, such as username, email, or personal details, which are then passed unsafely to backend SQL queries. Without input validation or prepared statements, attackers can inject malicious SQL commands that the database executes with application privileges, potentially bypassing authentication, extracting sensitive student data, modifying records, or escalating privileges within the application database.

RemediationAI

No vendor-released patch identified at time of analysis. Organizations currently running code-projects Student Membership System 1.0 should immediately discontinue use of the User Registration functionality until remediation is available, or implement compensating controls. Immediate mitigation options include deploying a web application firewall configured with SQL injection signatures to filter malicious input targeting the registration handler, restricting network access to the registration endpoint to trusted IP ranges only, or disabling public user registration entirely if operationally feasible. For development teams maintaining custom deployments, apply secure coding practices by replacing all dynamic SQL queries in the User Registration Handler with parameterized prepared statements or stored procedures, implement strict input validation using allow-lists for expected character sets and formats, apply principle of least privilege to database accounts used by the application, and conduct thorough code review of all user input handling pathways. Monitor vendor resources at https://code-projects.org/ and VulDB references https://vuldb.com/vuln/354293 for potential future patches. Consider migrating to actively maintained student management systems with established security response processes.

Share

CVE-2026-5195 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy