CVE-2026-0698
Unknown Unknown - Not Provided

SQL Injection in Intern Membership System's edit_students.php Allows Remote Exploit

Vulnerability report for CVE-2026-0698, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-08

Last updated on: 2026-04-29

Assigner: VulDB

Description

A vulnerability has been found in code-projects Intern Membership Management System 1.0. This affects an unknown function of the file /intern/admin/edit_students.php. Such manipulation of the argument admin_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-08
Last Modified
2026-04-29
Generated
2026-07-06
AI Q&A
2026-01-08
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
code-projects intern_membership_management_system 1.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-0698 is a SQL injection vulnerability in version 1.0 of the code-projects Intern Membership Management System. It occurs due to improper handling of the 'admin_id' parameter in the file /intern/admin/edit_students.php, allowing an attacker to inject malicious SQL code. This can lead to unauthorized modification of SQL queries, potentially compromising the system's confidentiality, integrity, and availability. The vulnerability can be exploited remotely but requires a higher level of authentication. [1, 3]

Impact Analysis

This vulnerability can impact you by allowing attackers to manipulate SQL queries, which may lead to unauthorized access to sensitive data, modification or deletion of data, and disruption of system availability. Since it affects confidentiality, integrity, and availability, an attacker could potentially retrieve confidential information, alter data, or cause denial of service. Remote exploitation is possible, increasing the risk of attack. [1, 3]

Detection Guidance

This vulnerability can be detected by checking for the presence of the vulnerable file `/intern/admin/edit_students.php` on your system or network. You can use Google dorking with the query `inurl:intern/admin/edit_students.php` to identify vulnerable targets. Additionally, testing the `admin_id` parameter for SQL injection by sending crafted inputs and observing the system's response can help detect the vulnerability. Specific commands are not provided, but using web vulnerability scanners or manual testing tools targeting SQL injection on the `admin_id` parameter in the mentioned file is recommended. [1]

Mitigation Strategies

No known countermeasures or mitigations have been reported for this vulnerability. The suggested immediate step is to replace the affected component (Intern Membership Management System version 1.0) with an alternative product that is not vulnerable. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0698. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart