CVE-2026-10227 raisulislamg4 CVE debrief

Who should care

Organizations or individuals deploying instances of the raisulislamg4/student_management_system_by_php repository; security teams monitoring for SQL injection exposure in PHP-based student management applications; developers maintaining forked versions of this project

Technical summary

The `role` argument in `add_user_check.php` of the User Creation Handler component is vulnerable to SQL injection due to insufficient input sanitization. An unauthenticated remote attacker can manipulate this parameter to execute arbitrary SQL commands against the underlying database. The vulnerability affects all versions up to commit 310d950e09013d5133c6b9210aff9444382d16d1. A proof-of-concept exploit has been publicly disclosed. The project follows a rolling release approach without discrete version numbering.

Defensive priority

medium

Recommended defensive actions

• Apply input validation and parameterized queries (prepared statements) to the `role` parameter in `add_user_check.php`
• Sanitize all user-supplied input before incorporating into SQL queries
• Monitor for unauthorized database access or anomalous query patterns
• Consider implementing a Web Application Firewall (WAF) rule to detect SQL injection payloads in the `role` parameter
• Review additional endpoints in the User Creation Handler for similar injection vulnerabilities
• Engage with the project maintainer via the reported GitHub issue to coordinate disclosure and remediation

Evidence notes

Vulnerability identified in commit 310d950e09013d5133c6b9210aff9444382d16d1 and earlier. The `role` parameter in `add_user_check.php` is the confirmed injection point. CVSS 4.0 vector indicates network attack vector, low attack complexity, no required privileges, and no user interaction, with proof-of-concept exploit availability (E:P). Weaknesses mapped to CWE-74 (Improper Neutralization of Special Elements in Output) and CWE-89 (SQL Injection).

Official resources