{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5195", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-30T22:23:58.320Z", "datePublished": "2026-03-31T08:15:13.647Z", "dateUpdated": "2026-03-31T12:45:21.409Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-31T08:15:13.647Z"}, "title": "code-projects Student Membership System User Registration sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "code-projects", "product": "Student Membership System", "versions": [{"version": "1.0", "status": "affected"}], "modules": ["User Registration Handler"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-30T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-31T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-31T00:29:17.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "nomath (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/354293", "name": "VDB-354293 | code-projects Student Membership System User Registration sql injection", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/354293/cti", "name": "VDB-354293 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/780398", "name": "Submit #780398 | code-projects Student Membership System 1.0 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/maidangdang1/CVE/issues/1", "tags": ["issue-tracking"]}, {"url": "https://code-projects.org/", "tags": ["product"]}], "tags": ["x_freeware"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T12:43:49.740828Z", "id": "CVE-2026-5195", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T12:45:21.409Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5195", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T12:43:49.740828Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T12:45:16.174Z"}}], "cna": {"tags": ["x_freeware"], "title": "code-projects Student Membership System User Registration sql injection", "credits": [{"lang": "en", "type": "reporter", "value": "nomath (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:UR"}}], "affected": [{"vendor": "code-projects", "modules": ["User Registration Handler"], "product": "Student Membership System", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2026-03-30T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-31T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-31T00:29:17.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/354293", "name": "VDB-354293 | code-projects Student Membership System User Registration sql injection", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/354293/cti", "name": "VDB-354293 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/780398", "name": "Submit #780398 | code-projects Student Membership System 1.0 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/maidangdang1/CVE/issues/1", "tags": ["issue-tracking"]}, {"url": "https://code-projects.org/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "SQL Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-31T08:15:13.647Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5195", "state": "PUBLISHED", "dateUpdated": "2026-03-31T12:45:21.409Z", "dateReserved": "2026-03-30T22:23:58.320Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-31T08:15:13.647Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en el Sistema de Membres\u00eda Estudiantil 1.0 de code-projects. Este problema afecta a alg\u00fan procesamiento desconocido del componente Gestor de Registro de Usuario. La ejecuci\u00f3n de una manipulaci\u00f3n puede conducir a una inyecci\u00f3n SQL. El ataque puede lanzarse remotamente."}], "id": "CVE-2026-5195", "lastModified": "2026-04-24T18:11:16.583", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-31T09:16:23.013", "references": [{"source": "cna@vuldb.com", "url": "https://code-projects.org/"}, {"source": "cna@vuldb.com", "url": "https://github.com/maidangdang1/CVE/issues/1"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/780398"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/354293"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/354293/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "student_membership_system", "vendor": "code-projects"}], "analysis": {"en": {"generated_at": "2026-03-31T09:21:10.824103+00:00", "value": {"mitigation_remediation": ["Apply the vendor patch for Student Membership System 1.0 when it becomes available.", "Modify the User Registration Handler to use parameterized queries or properly escape all user-provided input.", "Limit registration to authenticated or trusted users and consider adding rate limiting to the endpoint.", "Regularly review application logs for anomalous SQL behavior to detect potential exploitation attempts."], "summary": {"action": "Immediate Patch", "impact": "SQL Injection enabling unauthorized data access"}, "threat_synthesis": {"affected_systems": "The Student Membership System version 1.0 from code\u2011projects is affected. No other versions are listed, so current deployments of 1.0 remain vulnerable until patched.", "description_and_impact": "A flaw in the Student Membership System\u2019s User Registration Handler permits SQL injection. An attacker can craft input that is executed directly against the database, potentially allowing unauthorized read or modify operations on sensitive data. The weakness aligns with CWE\u201189 (SQL Injection) and CWE\u201174 (Incorrect Encoding). This type of vulnerability compromises confidentiality and integrity of user information.", "risk_and_exploitability": "A CVSS score of 6.9 indicates moderate to high severity, and the attack can be launched remotely via the public registration interface. EPSS data is unavailable and the vulnerability is not in the CISA KEV catalog, suggesting it is not yet widely exploited. The likely attack vector is remote submission of malicious registration data, and the path requires only web access to the affected component."}}}}, "created": "2026-03-31T19:56:05.237722+00:00", "updated": "2026-04-03T09:10:28.018475+00:00", "vendors": ["code-projects", "code-projects$PRODUCT$student_membership_system"]}