CVE-2026-10225
SQL Injection in Student Management System by PHP
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| raisulislamg4 | student_management_system_by_php | to 310d950e09013d5133c6b9210aff9444382d16d1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The SQL injection vulnerability in the login system allows attackers to bypass authentication and gain unauthorized administrative access to the application. This unauthorized access can lead to exposure, manipulation, or theft of sensitive personal data managed by the student management system.
Such unauthorized access and potential data breaches can result in non-compliance with data protection regulations like GDPR and HIPAA, which require strict controls over access to personal and sensitive information, as well as timely breach notifications and mitigation.
Therefore, this vulnerability poses a significant risk to compliance with these common standards and regulations by undermining the confidentiality, integrity, and availability of protected data.
Can you explain this vulnerability to me?
CVE-2026-10225 is a critical SQL Injection vulnerability found in the login system of a PHP-based student management application. The vulnerability exists in the login_check.php file where the username input is directly concatenated into an SQL query without any sanitization or validation.
This flaw allows an attacker to manipulate the username argument by injecting malicious SQL code, which can bypass authentication checks entirely.
For example, an attacker can send a specially crafted login request with a payload like `username=admin' OR '1'='1' -- -` which causes the SQL query to always evaluate as true, granting unauthorized access to the admin dashboard.
How can this vulnerability impact me? :
This vulnerability can have severe impacts as it allows an attacker to bypass authentication without valid credentials.
- Unauthorized administrative access to the application.
- Ability to manipulate, add, update, or delete sensitive data within the student management system.
- Access to sensitive information stored in the system.
- Potential to chain this vulnerability with others to escalate attacks or cause further damage.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring login attempts for suspicious SQL injection patterns in the username field. For example, payloads like "admin' OR '1'='1' -- -" indicate an attempt to bypass authentication via SQL injection.
You can detect exploitation attempts by capturing HTTP requests to the login endpoint and searching for SQL injection payloads in the username parameter.
- Use network traffic capture tools like tcpdump or Wireshark to monitor HTTP POST requests to login_check.php.
- Run a command such as: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -i "username="
- Alternatively, use grep or similar tools on web server logs to find suspicious login attempts: grep -i "username=.*' OR '1'='1" /var/log/apache2/access.log
Additionally, manual testing can be performed by sending crafted HTTP POST requests with SQL injection payloads to the login_check.php endpoint and observing if authentication is bypassed.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include preventing SQL injection by sanitizing and validating all user inputs, especially the username and password fields in login_check.php.
Use prepared statements with parameterized queries instead of directly concatenating user input into SQL queries.
If possible, apply a web application firewall (WAF) to block known SQL injection payloads targeting the login endpoint.
Monitor and restrict access to the login_check.php file, and consider implementing rate limiting to reduce automated attack attempts.
Since the project uses a rolling release model but has not yet responded, consider reviewing and patching the vulnerable code manually or replacing the affected component with a secure alternative.