CVE-2026-0698
SQL Injection in Intern Membership System's edit_students.php Allows Remote Exploit
Publication date: 2026-01-08
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| code-projects | intern_membership_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-0698 is a SQL injection vulnerability in version 1.0 of the code-projects Intern Membership Management System. It occurs due to improper handling of the 'admin_id' parameter in the file /intern/admin/edit_students.php, allowing an attacker to inject malicious SQL code. This can lead to unauthorized modification of SQL queries, potentially compromising the system's confidentiality, integrity, and availability. The vulnerability can be exploited remotely but requires a higher level of authentication. [1, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to manipulate SQL queries, which may lead to unauthorized access to sensitive data, modification or deletion of data, and disruption of system availability. Since it affects confidentiality, integrity, and availability, an attacker could potentially retrieve confidential information, alter data, or cause denial of service. Remote exploitation is possible, increasing the risk of attack. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable file `/intern/admin/edit_students.php` on your system or network. You can use Google dorking with the query `inurl:intern/admin/edit_students.php` to identify vulnerable targets. Additionally, testing the `admin_id` parameter for SQL injection by sending crafted inputs and observing the system's response can help detect the vulnerability. Specific commands are not provided, but using web vulnerability scanners or manual testing tools targeting SQL injection on the `admin_id` parameter in the mentioned file is recommended. [1]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations have been reported for this vulnerability. The suggested immediate step is to replace the affected component (Intern Membership Management System version 1.0) with an alternative product that is not vulnerable. [1]