{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-26697", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-02T18:23:06.555Z", "dateReserved": "2026-02-16T00:00:00.000Z", "datePublished": "2026-03-02T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-02T15:25:38.804Z"}, "descriptions": [{"lang": "en", "value": "code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/Thirtypenny77/bug_report/blob/main/code-projects/simple-student-alumni-system/SQL-5.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-02T18:21:53.392715Z", "id": "CVE-2026-26697", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T18:23:06.555Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-26697", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-02T18:21:53.392715Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T18:21:46.758Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/Thirtypenny77/bug_report/blob/main/code-projects/simple-student-alumni-system/SQL-5.md"}], "descriptions": [{"lang": "en", "value": "code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-02T15:25:38.804Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26697", "state": "PUBLISHED", "dateUpdated": "2026-03-02T18:23:06.555Z", "dateReserved": "2026-02-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-02T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:carmelo:simple_student_alumni_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "825EA3E3-01FA-4815-8DD0-E1B62A1E2B82", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=."}], "id": "CVE-2026-26697", "lastModified": "2026-03-03T19:44:26.787", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-02T14:16:27.423", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Thirtypenny77/bug_report/blob/main/code-projects/simple-student-alumni-system/SQL-5.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "simple_student_alumni_system", "vendor": "code-projects"}], "analysis": {"en": {"generated_at": "2026-04-16T14:45:33.766041+00:00", "value": {"mitigation_remediation": ["Upgrade the Simple Student Alumni System to a release that addresses the SQL injection flaw; if no patch is available, plan to replace the application with a secure alternative.", "Modify the teacherID handling code to use prepared statements or properly escaped queries so that user input cannot alter SQL intent.", "Limit the database user used by the application to only the permissions required for normal operation, removing any unnecessary write or administrative rights."], "summary": {"action": "Check for patch", "impact": "Database Compromise"}, "threat_synthesis": {"affected_systems": "The affected product is the Simple Student Alumni System, version 1.0. No specific vendors are listed in the CNA data; the vulnerability is tied to this single software release.", "description_and_impact": "SQL injection is present in the Simple Student Alumni System v1.0, specifically through the teacherID parameter of the /TracerStudy/recordteacher_view.php endpoint. The flaw allows an attacker to inject arbitrary SQL statements, which can lead to viewing, updating, or deleting data stored in the underlying database. This threatens the confidentiality and integrity of student and alumni records.", "risk_and_exploitability": "The CVSS score of 4.9 places this issue in the moderate range, yet the EPSS score of less than 1 percent indicates that widespread exploitation is currently unlikely. The vulnerability is not listed in the CISA KEV catalog, and the attack vector is inferred to be remote via the web interface, as it is triggered by supplying a crafted teacherID value in an HTTP request."}}}}, "created": "2026-03-03T08:46:27.425073+00:00", "title": "SQL Injection in Simple Student Alumni System v1.0", "updated": "2026-04-16T15:00:14.303008+00:00", "vendors": ["code-projects", "code-projects$PRODUCT$simple_student_alumni_system"]}