CVE-2026-10620

Description

A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument eid/did causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.

References

• https://code-projects.org/
• https://github.com/Xu-Zhihan/CVE/issues/12
• https://github.com/Xu-Zhihan/CVE/issues/13
• https://vuldb.com/cve/CVE-2026-10620
• https://vuldb.com/submit/829586