{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5182", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-30T19:02:06.324Z", "datePublished": "2026-03-31T05:45:14.695Z", "dateUpdated": "2026-03-31T12:57:52.304Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-31T05:45:14.695Z"}, "title": "SourceCodester Teacher Record System Parameter sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "SourceCodester", "product": "Teacher Record System", "versions": [{"version": "1.0", "status": "affected"}], "modules": ["Parameter Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation of the argument searchteacher results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-30T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-30T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-30T21:07:10.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "dyh18 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/354250", "name": "VDB-354250 | SourceCodester Teacher Record System Parameter sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/354250/cti", "name": "VDB-354250 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/780379", "name": "Submit #780379 | SourceCodester Teacher Record System 1.0 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/dyh1213-wq/cve/issues/6", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.sourcecodester.com/", "tags": ["product"]}], "tags": ["x_freeware"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T12:51:56.732811Z", "id": "CVE-2026-5182", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T12:57:52.304Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5182", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T12:51:56.732811Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T12:52:31.106Z"}}], "cna": {"tags": ["x_freeware"], "title": "SourceCodester Teacher Record System Parameter sql injection", "credits": [{"lang": "en", "type": "reporter", "value": "dyh18 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "SourceCodester", "modules": ["Parameter Handler"], "product": "Teacher Record System", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2026-03-30T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-30T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-30T21:07:10.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/354250", "name": "VDB-354250 | SourceCodester Teacher Record System Parameter sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/354250/cti", "name": "VDB-354250 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/780379", "name": "Submit #780379 | SourceCodester Teacher Record System 1.0 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/dyh1213-wq/cve/issues/6", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.sourcecodester.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation of the argument searchteacher results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "SQL Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-31T05:45:14.695Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5182", "state": "PUBLISHED", "dateUpdated": "2026-03-31T12:57:52.304Z", "dateReserved": "2026-03-30T19:02:06.324Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-31T05:45:14.695Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation of the argument searchteacher results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Teacher Record System 1.0. Afecta a una funci\u00f3n desconocida del archivo Teacher Record System del componente Gestor de Par\u00e1metros. Realizar una manipulaci\u00f3n del argumento searchteacher resulta en inyecci\u00f3n SQL. Es posible iniciar el ataque remotamente. El exploit se ha hecho p\u00fablico y podr\u00eda ser usado."}], "id": "CVE-2026-5182", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-31T06:16:01.337", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/dyh1213-wq/cve/issues/6"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/780379"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/354250"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/354250/cti"}, {"source": "cna@vuldb.com", "url": "https://www.sourcecodester.com/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "teacher_record_system", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-03-31T07:20:50.863657+00:00", "value": {"mitigation_remediation": ["Apply the latest patch or upgrade from SourceCodester to a non\u2011vulnerable version of Teacher Record System.", "If a patch is not available, modify the searchteacher input handling to properly escape or use parameterized queries.", "Restrict external access to the Teacher Record System application or place it behind a firewall.", "Monitor application logs for suspicious SQL activity and conduct vulnerability scans."], "summary": {"action": "Patch Immediately", "impact": "SQL Injection"}, "threat_synthesis": {"affected_systems": "The affected product is SourceCodester\u2019s Teacher Record System version 1.0. No other versions are listed as vulnerable. This version is known to use the Parameter Handler component that processes the searchteacher variable, leading to the injection flaw. Impacted users should verify whether they run exactly 1.0 or later releases, as patching newer versions may eliminate the flaw.", "description_and_impact": "An attacker can manipulate the searchteacher argument in the Teacher Record System\u2019s Parameter Handler. This insufficiently sanitized input allows arbitrary SQL statements to be executed against the database. The vulnerability enables remote SQL injection, potentially exposing sensitive student records or allowing unauthorized modification of data. The weakness is a classic input validation flaw, aligned with CWE-74 and CWE-89.", "risk_and_exploitability": "The CVSS score of 6.9 indicates a moderate severity, while the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. The publicly available exploit demonstrates that the flaw can be triggered remotely, likely via a crafted HTTP request containing a malicious searchteacher parameter. Given the lack of a CVE-kev listing and the moderate score, the risk remains significant for systems that still run the vulnerable version, especially if they expose the Teacher Record System to the internet. The vulnerability can be exploited without requiring authentication, making it a high\u2011threat scenario for unprotected deployments."}}}}, "created": "2026-03-31T19:56:10.930231+00:00", "updated": "2026-04-03T09:10:29.902400+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$teacher_record_system"]}