CVE-2026-6167

| EUVD-2026-21891 MEDIUM
2026-04-13 VulDB GHSA-83p9-7gqh-59qj
PHP SQLi
6.9
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Apr 13, 2026 - 07:29 vuln.today
Severity Changed
Apr 13, 2026 - 07:22 NVD
HIGH MEDIUM
CVSS Changed
Apr 13, 2026 - 07:22 NVD
7.3 (HIGH) 6.9 (MEDIUM)

DescriptionNVD

A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.

AnalysisAI

SQL injection in code-projects Faculty Management System 1.0 via the ID parameter in /subject-print.php allows unauthenticated remote attackers to execute arbitrary SQL queries and exfiltrate or modify database contents with low confidentiality and integrity impact. Publicly available exploit code exists, creating immediate operational risk for organizations running this system.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-6167 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy