Sourcecodester Online Class Record System vulnerabilities

CVE-2026-2087 [MEDIUM] CWE-74 CVE-2026-2087: A flaw has been found in SourceCodester Online Class Record System 1.0. Affected by this issue is so A flaw has been found in SourceCodester Online Class Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. This manipulation of the argument user_email causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.

CVE-2026-2089 [MEDIUM] CWE-74 CVE-2026-2089: A vulnerability was found in SourceCodester Online Class Record System 1.0. This vulnerability affec A vulnerability was found in SourceCodester Online Class Record System 1.0. This vulnerability affects unknown code of the file /admin/subject/controller.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

CVE-2026-2090 [MEDIUM] CWE-74 CVE-2026-2090: A vulnerability was determined in SourceCodester Online Class Record System 1.0. This issue affects A vulnerability was determined in SourceCodester Online Class Record System 1.0. This issue affects some unknown processing of the file /admin/message/search.php. Executing a manipulation of the argument term can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.