SourceCodester Online Class Record System search.php sql injection

A vulnerability was determined in SourceCodester Online Class Record System 1.0. This issue affects some unknown processing of the file /admin/message/search.php. Executing a manipulation of the argument term can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

Problem type

Affected products

SourceCodester

Online Class Record System

1.0 - AFFECTED

References

VDB-344657 | SourceCodester Online Class Record System search.php sql injection

https://vuldb.com/?id.344657

vdb-entrytechnical-description

VDB-344657 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/?ctiid.344657

signaturepermissions-required

Submit #746551 | SourceCodester Online Class Record System 1.0 SQL Injection

https://vuldb.com/?submit.746551

third-party-advisory

github.com

https://github.com/xiaoccm07/cve/issues/3

exploitissue-tracking

sourcecodester.com

https://www.sourcecodester.com/

product

GitHub Security Advisories

GHSA-529g-c6f2-964g

A vulnerability was determined in SourceCodester Online Class Record System 1.0. This issue...

https://github.com/advisories/GHSA-529g-c6f2-964g

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-2090

github.com

https://github.com/xiaoccm07/cve/issues/3

vuldb.com

https://vuldb.com/?ctiid.344657

vuldb.com

https://vuldb.com/?id.344657

vuldb.com

https://vuldb.com/?submit.746551

sourcecodester.com

https://www.sourcecodester.com

github.com

https://github.com/advisories/GHSA-529g-c6f2-964g

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-2090

Click to expand

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-2090",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-02-07T15:32:07.605Z",
    "dateReserved": "2026-02-06T08:25:40.592Z",
    "datePublished": "2026-02-07T15:32:07.605Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-02-07T15:32:07.605Z"
      },
      "title": "SourceCodester Online Class Record System search.php sql injection",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in SourceCodester Online Class Record System 1.0. This issue affects some unknown processing of the file /admin/message/search.php. Executing a manipulation of the argument term can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized."
        }
      ],
      "affected": [
        {
          "vendor": "SourceCodester",
          "product": "Online Class Record System",
          "versions": [
            {
              "version": "1.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "SQL Injection",
              "cweId": "CWE-89",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Injection",
              "cweId": "CWE-74",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.344657",
          "name": "VDB-344657 | SourceCodester Online Class Record System search.php sql injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.344657",
          "name": "VDB-344657 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.746551",
          "name": "Submit #746551 | SourceCodester Online Class Record System 1.0 SQL Injection",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/xiaoccm07/cve/issues/3",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        },
        {
          "url": "https://www.sourcecodester.com/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 7.3,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 7.3,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 7.5
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-02-06T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-02-06T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-02-06T09:30:46.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "MrCC (VulDB User)",
          "type": "reporter"
        }
      ],
      "tags": [
        "x_freeware"
      ]
    }
  }
}