CVE-2026-2158

7.3 HIGH

📋 TL;DR

CVE-2026-2158 is a SQL injection vulnerability in code-projects Student Web Portal 1.0: the Username parameter of /check_user.php reaches the database without parameterization, so a remote, unauthenticated attacker can execute arbitrary SQL commands. This can lead to unauthorized data access, modification, or deletion. All deployments of Student Web Portal 1.0 are affected.

💻 Affected Systems

Products:
  • code-projects Student Web Portal
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of version 1.0 are vulnerable; the affected code ships in the default installation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise: data theft, data destruction and authentication bypass. Server takeover is possible only if the injection can be escalated to code execution, for example where the database account has file-write privileges.

🟠

Likely Case

Unauthorized access to student records, grade manipulation, credential theft, and potential privilege escalation within the portal.

🟢

If Mitigated

With the query parameterized and the database account limited to least privilege, impact is confined to at most error messages or partial data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via Username parameter requires no authentication. Public proof-of-concept exists in GitHub repository.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Site: https://code-projects.org/ (project homepage; no specific advisory is linked)

Restart Required: No

Instructions:

No official patch available. Consider migrating to alternative software or implementing workarounds.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all platforms)

Modify /check_user.php so the Username value is passed to the database as a bound parameter of a prepared statement instead of being concatenated into the SQL string; this removes the injection path regardless of what the value contains.

As defense in depth, validate the Username parameter against an allow-list of expected characters and length before it is used, and reject anything else. Validation on its own is a stopgap, not a fix.

Web Application Firewall Rule (applies to: all platforms)

Add a WAF rule that inspects the Username parameter of requests to /check_user.php and blocks SQL injection patterns (a quote followed by OR/AND, UNION ... SELECT, comment sequences such as -- and /*). Match case-insensitively on the URL-decoded value, and expect bypasses: a WAF buys time, it does not fix the code.
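
Added example (Python, not code from the Student Web Portal project): the injection class behind CVE-2026-2158 reproduced against an in-memory SQLite table, with the string-concatenated lookup beside its parameterized replacement and the allow-list check in front of it. Assumptions: check_user.php looks a user up by the Username field (the page gives the endpoint and parameter, not the query), and the table layout and username policy are illustrative.

```python
"""Vulnerable vs. parameterized lookup for a Username field (added illustration;
not the portal's code). Table layout and username policy are assumptions."""
import re
import sqlite3

PAYLOAD = "' OR '1'='1"                                # payload quoted in the advisory
USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{3,32}$")    # assumed username policy


def make_db():
    """Constructed sample data; not real portal contents."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "student"), ("admin", "admin")])
    return conn


def check_user_vulnerable(conn, username):
    """The vulnerable pattern: request input spliced into the SQL text.
    With PAYLOAD the WHERE clause becomes username = '' OR '1'='1' and every row matches."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def check_user_parameterized(conn, username):
    """The fix: the value travels as a bound parameter and is never parsed as SQL,
    so PAYLOAD is compared literally against the username column and matches nothing."""
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (username,))
    return [row[0] for row in rows]


def check_user_hardened(conn, username):
    """Defense in depth: allow-list first, then the parameterized query."""
    if not USERNAME_RE.fullmatch(username):
        return []   # rejected early; the value never reaches the database
    return check_user_parameterized(conn, username)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, payload   :", check_user_vulnerable(db, PAYLOAD))
    print("parameterized, payload:", check_user_parameterized(db, PAYLOAD))
    print("hardened, alice       :", check_user_hardened(db, "alice"))
```

In PHP the equivalent of check_user_parameterized is a PDO prepared statement (prepare with a ? placeholder, then execute with the value bound) or a mysqli prepared statement; the allow-list check belongs before either.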

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to the portal
  • Deploy a web application firewall with SQL injection detection rules
  • Run the portal's database account with least privilege (only the tables and operations it needs, no file or administrative privileges), which caps what an injected query can do

🔍 How to Verify

Check if Vulnerable:

Send a request to /check_user.php with a SQL injection payload in the Username parameter (e.g., ' OR '1'='1) and compare the response with one for a benign, nonexistent username. A materially different response, or a database error message, indicates the parameter is injectable.

Check Version:

Check portal version in admin interface or configuration files

Verify Fix Applied:

Verify that the same payloads now produce the normal response for an unknown username, with no database error and no difference in behaviour from a benign request.
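
Added example (Python, not part of the advisory or the project) covering both the "Check if Vulnerable" and "Verify Fix Applied" steps: a boolean-differential probe that posts a benign nonexistent username and then the advisory's payload to /check_user.php and compares the two responses. Assumptions: the form takes a single POST field named "Username" (the page documents no other field), and a response that differs from the baseline, or that contains a database error string, indicates injection. A difference is a signal, not proof; confirm by hand before acting on it.

```python
"""Boolean-differential probe for the Username parameter of /check_user.php
(added illustration). Field set and the 'differs => suspicious' heuristic are assumptions."""
import sys
import urllib.error
import urllib.parse
import urllib.request

PAYLOAD = "' OR '1'='1"            # payload quoted in the advisory
BENIGN = "no_such_user_7c1e"       # baseline: a username that must not exist

# Lower-cased fragments of common MySQL/MariaDB error output leaked by PHP apps.
SQL_ERROR_MARKERS = (
    b"you have an error in your sql syntax",
    b"mysql_fetch", b"mysqli_", b"sqlstate", b"warning: mysql",
)


def build_request(base_url, username):
    """POST Username=<value> (form-encoded) to <base_url>/check_user.php."""
    body = urllib.parse.urlencode({"Username": username}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/check_user.php",
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def fetch(req):
    """Return (status, body); HTTP error responses are data, not exceptions."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def verdict(baseline, probe_resp):
    """Classify the payload response relative to the benign baseline."""
    base_status, base_body = baseline
    probe_status, probe_body = probe_resp
    if any(marker in probe_body.lower() for marker in SQL_ERROR_MARKERS):
        return "injectable: database error leaked"
    if probe_status != base_status or probe_body != base_body:
        return "likely injectable: response differs from baseline"
    return "no difference: payload handled as a literal username"


def probe(base_url):
    """Run the two requests and return the verdict string."""
    baseline = fetch(build_request(base_url, BENIGN))
    injected = fetch(build_request(base_url, PAYLOAD))
    return verdict(baseline, injected)


if __name__ == "__main__":
    # Usage: python probe_check_user.py http://portal.example.test
    print(probe(sys.argv[1]))
```

Run it once before the fix (expect "likely injectable" or a leaked error) and once after (expect "no difference"). If the page embeds per-request content such as tokens or timestamps, the raw body comparison will always differ; strip that content or compare only the fragment that reports whether the user was found.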

📡 Detection & Monitoring

Log Indicators:

  • SQL syntax errors in the PHP error log or the database server log following requests to /check_user.php (web server access logs will not show them)
  • Unusual queries from the web application's database account, such as lookups that return every row of the users table
  • Multiple failed login attempts whose Username value contains SQL syntax (quotes, comment sequences, UNION/SELECT)

Network Indicators:

  • HTTP POST requests to /check_user.php whose Username parameter contains quote characters, comment sequences or SQL keywords (usually URL-encoded, e.g. %27 for ')
  • Unusual database traffic patterns

SIEM Query:

source="web_logs" AND uri="/check_user.php" AND (payload CONTAINS "UNION" OR payload CONTAINS "SELECT" OR payload CONTAINS "OR '1'='1")

The query is pseudo-syntax; adapt it to your SIEM. Match case-insensitively and URL-decode the body first: the payload arrives as Username=%27+OR+%271%27%3D%271, which a literal match on "OR '1'='1" misses. Standard web server access logs do not record POST bodies, so the source must be an application, reverse-proxy or WAF log that does.
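
Added example (Python, not part of the advisory): the SIEM query above run as code over constructed log lines, and the same pattern set the WAF workaround would block. It URL-decodes the Username value before matching and anchors the patterns to SQL syntax rather than bare keywords, so a legitimate username such as "selena" is not flagged by the SELECT substring. The log format (one JSON object per line that includes the POST body) is an assumption; the sample lines are constructed, not real traffic.

```python
"""Detection of SQL injection attempts against the Username parameter in
application-log lines (added illustration; log format and sample lines are constructed)."""
import json
import re
from collections import Counter
from urllib.parse import parse_qs

# Constructed sample log: one JSON object per line, body is the raw form-encoded POST body.
SAMPLE_LOG = """\
{"ts":"2026-03-01T10:00:01Z","src":"10.0.0.5","method":"POST","uri":"/check_user.php","body":"Username=alice"}
{"ts":"2026-03-01T10:00:02Z","src":"10.0.0.5","method":"POST","uri":"/check_user.php","body":"Username=selena"}
{"ts":"2026-03-01T10:00:03Z","src":"203.0.113.7","method":"POST","uri":"/check_user.php","body":"Username=%27+OR+%271%27%3D%271"}
{"ts":"2026-03-01T10:00:04Z","src":"203.0.113.7","method":"POST","uri":"/check_user.php","body":"Username=x%27+UNION+SELECT+username%2Cpassword+FROM+users--+"}
{"ts":"2026-03-01T10:00:05Z","src":"203.0.113.7","method":"POST","uri":"/check_user.php","body":"Username=admin%27%2F*"}
{"ts":"2026-03-01T10:00:06Z","src":"10.0.0.9","method":"POST","uri":"/login.php","body":"Username=%27+OR+%271%27%3D%271&Password=x"}
"""

# Patterns anchored to SQL syntax, matched case-insensitively on the decoded value.
SQLI_PATTERNS = {
    "quote_or_tautology": re.compile(r"'\s*(?:or|and)\s*'?\w*'?\s*=", re.I),  # ' OR '1'='1 and variants
    "union_select": re.compile(r"\bunion\b.{0,20}\bselect\b", re.I),           # UNION ... SELECT
    "comment_truncation": re.compile(r"--|/\*"),                               # -- or /* to cut the query
}


def classify(value):
    """Return the name of the first pattern that matches, or None."""
    for name, pattern in SQLI_PATTERNS.items():
        if pattern.search(value):
            return name
    return None


def scan_log(text, uri="/check_user.php"):
    """One hit per log line whose decoded Username value looks like SQL.
    Pass uri=None to scan every endpoint, not just check_user.php."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        if uri is not None and entry.get("uri") != uri:
            continue
        # Logs hold the URL-encoded form; decode so %27 becomes ' before matching.
        username = parse_qs(entry.get("body", "")).get("Username", [""])[0]
        name = classify(username)
        if name:
            hits.append({"ts": entry["ts"], "src": entry["src"],
                         "username": username, "pattern": name})
    return hits


def repeat_offenders(hits, threshold=2):
    """Sources with at least `threshold` flagged requests: the 'multiple attempts' indicator."""
    counts = Counter(hit["src"] for hit in hits)
    return {src for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    flagged = scan_log(SAMPLE_LOG)
    for hit in flagged:
        print(hit["ts"], hit["src"], hit["pattern"], repr(hit["username"]))
    print("repeat offenders:", repeat_offenders(flagged))
```

The same three patterns, applied to the decoded Username value, are what a WAF rule for /check_user.php should block; the log scan is the passive counterpart for traffic that has already gone through.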
