Home / Vulnerability Intelligence / CVE-2026-3744

CVE-2026-3744 - Vulnerability Analysis

HighCVSS: 7.3

Last Updated: March 9, 2026

code-projects Student Web Portal - SQL Injection

Published: March 8, 2026Updated: March 9, 2026PoC AvailableRemote Exploitable

Overview

code-projects Student Web Portal 1.0 contains a sql injection caused by manipulation of "reg_passwd" argument in signup.php valreg_passwdation function, letting remote attackers execute arbitrary SQL commands, exploit requires no special privileges.

Severity & Score

Severity: High

CVSS Score: 7.3

Impact

Remote attackers can execute arbitrary SQL commands, potentially leading to data theft or modification.

Mitigation

Update to the latest version or apply patches to fix the SQL injection vulnerability.

References

https://code-projects.org/
https://github.com/CH0ico/CVE_choco_2
https://github.com/CH0ico/CVE_choco_2/blob/main/report.md
https://vuldb.com/?ctiid.349722
https://vuldb.com/?id.349722
https://vuldb.com/?submit.767852

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-3744
Severity: High
CVSS Score: 7.3
Type: sql_injection
Status: confirmed

CWE

CWE-74
CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L