{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-26695", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-05T15:58:25.563Z", "dateReserved": "2026-02-16T00:00:00.000Z", "datePublished": "2026-03-02T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-02T15:24:17.298Z"}, "descriptions": [{"lang": "en", "value": "code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudent_edit.php."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/Thirtypenny77/bug_report/blob/main/code-projects/simple-student-alumni-system/SQL-2.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "references": [{"url": "https://github.com/Thirtypenny77/bug_report/blob/main/code-projects/simple-student-alumni-system/SQL-2.md", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-05T15:57:38.980578Z", "id": "CVE-2026-26695", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T15:58:25.563Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-26695", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-05T15:57:38.980578Z"}}}], "references": [{"url": "https://github.com/Thirtypenny77/bug_report/blob/main/code-projects/simple-student-alumni-system/SQL-2.md", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T15:58:08.012Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/Thirtypenny77/bug_report/blob/main/code-projects/simple-student-alumni-system/SQL-2.md"}], "descriptions": [{"lang": "en", "value": "code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudent_edit.php."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-02T15:24:17.298Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26695", "state": "PUBLISHED", "dateUpdated": "2026-03-05T15:58:25.563Z", "dateReserved": "2026-02-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-02T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:carmelo:simple_student_alumni_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "825EA3E3-01FA-4815-8DD0-E1B62A1E2B82", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudent_edit.php."}], "id": "CVE-2026-26695", "lastModified": "2026-03-05T16:16:16.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-02T15:16:36.320", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Thirtypenny77/bug_report/blob/main/code-projects/simple-student-alumni-system/SQL-2.md"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Thirtypenny77/bug_report/blob/main/code-projects/simple-student-alumni-system/SQL-2.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "simple_student_alumni_system", "vendor": "code-projects"}], "analysis": {"en": {"generated_at": "2026-04-17T13:43:51.548270+00:00", "value": {"mitigation_remediation": ["Apply a patch for Simple Student Alumni System when one becomes available", "Replace string concatenation of user input with parameterized queries or stored procedures in recordstudent_edit.php to eliminate the injection surface", "Deploy a web application firewall or intrusion detection system to detect and block suspicious SQL injection patterns"], "summary": {"action": "Patch", "impact": "SQL Injection"}, "threat_synthesis": {"affected_systems": "Only the open\u2011source \"Simple Student Alumni System\" developed by the community, version 1.0, is affected. No vendor or patch version information is listed beyond the product name and version.", "description_and_impact": "Simple Student Alumni System version 1.0 contains a classic SQL injection flaw in the /TracerStudy/recordstudent_edit.php script. An attacker can supply crafted input that bypasses query logic and manipulates the underlying SQL statements. This enables exploitation of the database, allowing an adversary to read, modify, or delete data, potentially revealing personal information and disrupting system operations.", "risk_and_exploitability": "Based on the description, it is inferred that the attack vector is remote over the web interface, as the vulnerability resides in a publicly accessible PHP script that accepts user input. The flaw results from unsanitized input concatenated directly into SQL statements, creating a classic CWE\u201189 vulnerability. The CVSS score of 9.8 indicates high severity, while an EPSS score of less than 1 percent suggests a low current exploitation probability. The vulnerability is not yet recorded in CISA\u2019s KEV catalog, but the lack of a KEV listing does not diminish the risk of unnoticed attacks."}}}}, "created": "2026-03-03T08:46:45.871903+00:00", "title": "SQL Injection Vulnerability in Simple Student Alumni System v1.0", "updated": "2026-04-17T13:45:16.035493+00:00", "vendors": ["code-projects", "code-projects$PRODUCT$simple_student_alumni_system"]}