Home / Vulnerability Intelligence / CVE-2026-3745

CVE-2026-3745 - Vulnerability Analysis

MediumCVSS: 6.3

Last Updated: March 9, 2026

code-projects Student Web Portal - SQL Injection

Published: March 8, 2026Updated: March 9, 2026PoC AvailableRemote Exploitable

Overview

code-projects Student Web Portal 1.0 contains a sql injection caused by manipulation of the "User" argument in profile.php, letting remote attackers execute arbitrary SQL commands, exploit requires no special privileges.

Severity & Score

Severity: Medium

CVSS Score: 6.3

Impact

Remote attackers can execute arbitrary SQL commands, potentially leading to data disclosure or modification.

Mitigation

Update to the latest version or apply patches to fix the SQL injection vulnerability.

References

https://github.com/CH0ico/CVE_choco_4/blob/main/report.md
https://vuldb.com/?ctiid.349723
https://vuldb.com/?id.349723
https://vuldb.com/?submit.767854
https://code-projects.org/
https://github.com/CH0ico/CVE_choco_4

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-3745
Severity: Medium
CVSS Score: 6.3
Type: sql_injection
Status: confirmed

CWE

CWE-74
CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L