CVE-2026-10227
Received Received - Intake
SQL Injection in Student Management System by PHP

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: VulDB

Description
A vulnerability has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file add_user_check.php of the component User Creation Handler. The manipulation of the argument role leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-01
AI Q&A
2026-06-01
EPSS Evaluated
N/A
NVD
CVE-2026-10227
EUVD
EUVD-2026-33560
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
raisulislamg4 student_management_system_by_php to 310d950e09013d5133c6b9210aff9444382d16d1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The vulnerability allows unauthenticated attackers to create new user accounts, including administrative ones, without any authentication or privilege checks. This leads to complete system compromise and permanent backdoor access.

Such unauthorized access and potential data manipulation can result in violations of data protection regulations like GDPR and HIPAA, which require strict access controls and protection of personal and sensitive data.

Therefore, this vulnerability undermines compliance with these standards by exposing the system to unauthorized data access and potential data breaches.


Can you explain this vulnerability to me?

This vulnerability exists in the Student Management System by PHP, specifically in the add_user_check.php file within the User Creation Handler component. It allows an attacker to manipulate the 'role' argument to perform SQL injection. More critically, the system fails to verify if the requester is authenticated or has administrative privileges before creating new user accounts.

As a result, an unauthenticated attacker can send a crafted POST request to create new users, including administrative accounts, without any checks. This leads to privilege escalation and full administrative access to the system.


How can this vulnerability impact me? :

The vulnerability can lead to complete system compromise by allowing attackers to create arbitrary user accounts with administrative privileges without authentication.

  • Attackers can gain full administrative access to the application.
  • Permanent backdoor access can be established.
  • It can be chained with other vulnerabilities such as stored cross-site scripting (XSS) or SQL injection for further exploitation.

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for unauthorized or suspicious POST requests to the add_user_check.php endpoint that include the role parameter set to admin or other elevated roles without proper authentication.

A practical detection method is to capture and analyze HTTP traffic for such crafted POST requests attempting to create new users with administrative privileges.

Example command using curl to test if the vulnerability exists by attempting to create an admin user:

  • curl -X POST -d "username=eviladmin&password=1234&role=admin" http://target-system/add_user_check.php

Additionally, network intrusion detection systems (NIDS) can be configured to alert on POST requests to add_user_check.php containing the role parameter with suspicious values.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the add_user_check.php script to authenticated and authorized users only.

Implement proper authentication and authorization checks before processing user creation requests to ensure only legitimate administrators can create new users.

If possible, temporarily disable or restrict the vulnerable endpoint until a patch or update is available.

Monitor logs for any suspicious user creation attempts and change any compromised credentials immediately.

Consider applying web application firewall (WAF) rules to block requests with suspicious role parameters or unauthorized user creation attempts.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart