SQL Injection Vulnerability in Code-Projects Student Web Portal by Code-Projects
CVE-2026-2158

6.9MEDIUM

Key Information:

Vendor

Code-projects

Status
Student Web Portal
Vendor
CVE Published:
8 February 2026

What is CVE-2026-2158?

A SQL injection vulnerability has been discovered in the Code-Projects Student Web Portal version 1.0, specifically within the /check_user.php file. This vulnerability enables unauthorized attackers to manipulate the Username argument, potentially allowing them to execute arbitrary SQL commands remotely. This poses a significant risk for data breaches and unauthorized access, necessitating prompt remediation to safeguard sensitive information.

Affected Version(s)

Student Web Portal 1.0

References

https://vuldb.com/?id.344860
vdb-entrytechnical-description
https://vuldb.com/?ctiid.344860
signaturepermissions-required
https://vuldb.com/?submit.748816
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

TrySec (VulDB User)
.