Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Student Web Portal 1.0 Can Be Hacked by Malicious User Input
CVE-2026-3745
Summary
A flaw in the Student Web Portal 1.0 allows hackers to inject malicious code into the system. This could lead to sensitive data being stolen or altered. To protect your system, update to the latest version of the software or apply a patch.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| carmelo | student_web_portal | 1.0 | – |
Original title
A vulnerability was found in code-projects Student Web Portal 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument User results in sql injection. The attac...
Original description
A vulnerability was found in code-projects Student Web Portal 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument User results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 8 Mar 2026 · Updated: 13 Mar 2026 · First seen: 8 Mar 2026