CVE-2026-2158 PUBLISHED

A vulnerability was detected in code-projects Student Web Portal 1.0. This impacts an unknown function of the file /check_user.php. Performing a manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely.

• TrySec (VulDB User) reporter

• VDB-344860 | code-projects Student Web Portal check_user.php sql injection
• VDB-344860 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #748816 | code-projects.org STUDENT WEB PORTAL IN PHP WITH SOURCE CODE 1.0 SQL Injection
• https://github.com/Qing-420/cve/blob/main/sql.md
• https://code-projects.org/

• SQL Injection CWE
• Injection CWE