CVE-2026-10620 PUBLISHED

A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument eid/did causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.

• Xu Zhihan (VulDB User) reporter

• VDB-367928 | code-projects Student Admission System index.php sql injection
• VDB-367928 | CTI Indicators (IOB, IOC, TTP, IOA)
• CVE-2026-10620 | CVE Analysis and Report
• Submit #829586 | code-projects Student Admission System V1.0 SQL Injection
• Submit #829606 | code-projects Student Admission System V1.0 SQL Injection (Duplicate)
• https://github.com/Xu-Zhihan/CVE/issues/12
• https://github.com/Xu-Zhihan/CVE/issues/13
• https://code-projects.org/

• SQL Injection CWE
• Injection CWE