SourceCodester Online Class Record System controller.php sql injection

A vulnerability was found in SourceCodester Online Class Record System 1.0. This vulnerability affects unknown code of the file /admin/subject/controller.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

Problem type

Affected products

SourceCodester

Online Class Record System

1.0 - AFFECTED

References

VDB-344656 | SourceCodester Online Class Record System controller.php sql injection

https://vuldb.com/?id.344656

vdb-entrytechnical-description

VDB-344656 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/?ctiid.344656

signaturepermissions-required

Submit #746550 | SourceCodester Online Class Record System 1.0 SQL Injection

https://vuldb.com/?submit.746550

third-party-advisory

github.com

https://github.com/xiaoccm07/cve/issues/2

exploitissue-tracking

sourcecodester.com

https://www.sourcecodester.com/

product

GitHub Security Advisories

GHSA-v45g-2vh5-9jj2

A vulnerability was found in SourceCodester Online Class Record System 1.0. This vulnerability...

https://github.com/advisories/GHSA-v45g-2vh5-9jj2

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-2089

github.com

https://github.com/xiaoccm07/cve/issues/2

vuldb.com

https://vuldb.com/?ctiid.344656

vuldb.com

https://vuldb.com/?id.344656

vuldb.com

https://vuldb.com/?submit.746550

sourcecodester.com

https://www.sourcecodester.com

github.com

https://github.com/advisories/GHSA-v45g-2vh5-9jj2

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-2089

Click to expand

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-2089",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-02-07T15:02:08.111Z",
    "dateReserved": "2026-02-06T08:25:35.262Z",
    "datePublished": "2026-02-07T15:02:08.111Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-02-07T15:02:08.111Z"
      },
      "title": "SourceCodester Online Class Record System controller.php sql injection",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in SourceCodester Online Class Record System 1.0. This vulnerability affects unknown code of the file /admin/subject/controller.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used."
        }
      ],
      "affected": [
        {
          "vendor": "SourceCodester",
          "product": "Online Class Record System",
          "versions": [
            {
              "version": "1.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "SQL Injection",
              "cweId": "CWE-89",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Injection",
              "cweId": "CWE-74",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.344656",
          "name": "VDB-344656 | SourceCodester Online Class Record System controller.php sql injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.344656",
          "name": "VDB-344656 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.746550",
          "name": "Submit #746550 | SourceCodester Online Class Record System 1.0 SQL Injection",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/xiaoccm07/cve/issues/2",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        },
        {
          "url": "https://www.sourcecodester.com/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 7.3,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 7.3,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 7.5
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-02-06T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-02-06T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-02-06T09:30:45.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "MrCC (VulDB User)",
          "type": "reporter"
        }
      ],
      "tags": [
        "x_freeware"
      ]
    }
  }
}