{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-26694", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-03T14:55:06.537Z", "dateReserved": "2026-02-16T00:00:00.000Z", "datePublished": "2026-03-02T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-02T14:49:28.393Z"}, "descriptions": [{"lang": "en", "value": "code-projects Simple Student Alumni System v1.0 is vulnerale to SQL Injection in /TracerStudy/modal_view.php."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/Thirtypenny77/bug_report/blob/main/code-projects/simple-student-alumni-system/SQL-3.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-03T14:53:57.530022Z", "id": "CVE-2026-26694", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T14:55:06.537Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-26694", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-03T14:53:57.530022Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T14:55:00.510Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/Thirtypenny77/bug_report/blob/main/code-projects/simple-student-alumni-system/SQL-3.md"}], "descriptions": [{"lang": "en", "value": "code-projects Simple Student Alumni System v1.0 is vulnerale to SQL Injection in /TracerStudy/modal_view.php."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-02T14:49:28.393Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26694", "state": "PUBLISHED", "dateUpdated": "2026-03-03T14:55:06.537Z", "dateReserved": "2026-02-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-02T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:carmelo:simple_student_alumni_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "825EA3E3-01FA-4815-8DD0-E1B62A1E2B82", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "code-projects Simple Student Alumni System v1.0 is vulnerale to SQL Injection in /TracerStudy/modal_view.php."}], "id": "CVE-2026-26694", "lastModified": "2026-03-03T19:44:43.503", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-02T15:16:36.203", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Thirtypenny77/bug_report/blob/main/code-projects/simple-student-alumni-system/SQL-3.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "simple_student_alumni_system", "vendor": "code-projects"}], "analysis": {"en": {"generated_at": "2026-04-16T14:46:37.883232+00:00", "value": {"mitigation_remediation": ["Apply the vendor's security update or upgrade to a patched version of Simple Student Alumni System", "Implement input validation and protected database queries using prepared statements or parameterized queries to eliminate unsanitized user input", "Restrict the database user privileges to the minimum necessary for the application, limiting potential damage if an injection succeeds"], "summary": {"action": "Immediate Patch", "impact": "Remote SQL Injection enabling unauthorized data access"}, "threat_synthesis": {"affected_systems": "The affected software is Carmelo's Simple Student Alumni System, version\u202f1.0, as deployed from the source at the referenced GitHub repository. No other vendors or product versions are listed as impacted.", "description_and_impact": "The vulnerability is a classic SQL injection flaw in the Web application's modal_view.php script. An attacker can supply crafted input that is not properly sanitized and that is executed by the underlying database, potentially disclosing sensitive student and alumni records or modifying stored data. The weakness matches the Common Weakness Enumeration identifier CWE-89.", "risk_and_exploitability": "The CVSS base score of 9.8 indicates a high severity level, but the EPSS score of less than\u202f1\u202fpercent suggests that real\u2011world exploitation events are currently rare. Because the flaw is exposed to remote users through the web interface, the attack vector is public, and no authentication or elevated privileges are required to trigger the exploit. The system is not listed in the CISA KEV catalog, meaning no publicly known exploits are catalogued yet. Nonetheless the high severity warrants early attention and mitigation."}}}}, "created": "2026-03-03T08:46:47.295425+00:00", "title": "SQL Injection in Simple Student Alumni System 1.0 via modal_view.php", "updated": "2026-04-16T15:00:14.304487+00:00", "vendors": ["code-projects", "code-projects$PRODUCT$simple_student_alumni_system"]}