CVE-2026-5196
Description
A vulnerability has been found in code-projects Student Membership System 1.0. Impacted is an unknown function of the file /delete_member.php. The manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in Student Membership System 1.0's /delete_member.php allows remote attackers to delete records or execute arbitrary SQL commands.
Vulnerability
A SQL injection vulnerability exists in the file /delete_member.php of code-projects Student Membership System 1.0. The $_POST['id'] parameter is directly concatenated into a SQL DELETE statement without proper sanitization or parameterization, allowing an attacker to manipulate the query [1].
Exploitation
The attack is remotely exploitable and does not require authentication. By supplying a crafted id parameter, an attacker can inject arbitrary SQL commands into the DELETE statement, such as altering the query to delete all members or execute database-level commands [1].
Impact
Successful exploitation can lead to unauthorized deletion of member records or, via injection of DROP TABLE commands, permanent loss of entire database tables. This can result in data integrity compromise and service disruption [1].
Mitigation
As of the publication date, no official patch has been released. The vendor recommends using prepared statements (PDO or mysqli) and strict input validation to prevent SQL injection. Users should apply input sanitization or consider upgrading to a secure alternative [1].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
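The mitigation described above (a prepared statement plus strict validation of the id argument), as an added example that is not code from the project or the advisory. The table name `members`, column `id`, database name and credentials are assumptions, and the commented-out vulnerable line is a constructed illustration of the concatenation the description reports.

```php
<?php
// Added example: hardened handler for a delete-by-id POST request.
// Table, column, database and credential names are assumptions.
declare(strict_types=1);

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Accept only a plain decimal integer >= 1; anything else yields null. */
function parse_member_id(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // rejects a missing value and array input such as id[]=1
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Delete one member row with a bound parameter; returns the rows removed. */
function delete_member(mysqli $db, int $id): int
{
    // Vulnerable pattern (constructed illustration, do not use):
    //   $db->query("DELETE FROM members WHERE id = " . $_POST['id']);
    // Here the SQL text is fixed and the id travels separately as an integer.
    $stmt = $db->prepare('DELETE FROM members WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    http_response_code(405);
    exit;
}
// Assumption: a session and authorization check belongs here, since the
// advisory reports the endpoint is reachable without authentication.
$id = parse_member_id($_POST['id'] ?? null);
if ($id === null) {
    http_response_code(400);
    exit('Invalid member id');
}

$db = new mysqli('localhost', 'app_user', 'app_password', 'membership'); // placeholders
$deleted = delete_member($db, $id);
http_response_code($deleted === 1 ? 200 : 404);
echo $deleted === 1 ? 'Member deleted' : 'No such member';
```

The database account used by the handler should hold only the privileges the application needs on that table, so that an injection flaw elsewhere cannot issue DROP TABLE.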
Affected products
- Range: =1.0
Patches
No patches discovered yet.
References