{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/student-details-management-system-1.0/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-10110"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Student Details Management System 1.0"],"_cs_severities":["high"],"_cs_tags":["sql-injection","web-application"],"_cs_type":"advisory","_cs_vendors":["code-projects"],"content_html":"\u003cp\u003eCVE-2026-10110 is a SQL injection vulnerability found in version 1.0 of the code-projects Student Details Management System. This vulnerability resides in the \u003ccode\u003e/index.php\u003c/code\u003e file and can be exploited by manipulating the \u003ccode\u003eroll\u003c/code\u003e argument. Successful exploitation allows remote attackers to inject arbitrary SQL commands into the application\u0026rsquo;s database queries. Given the public availability of the exploit, organizations using this system are at immediate risk of unauthorized data access, modification, or deletion. This poses a significant threat to data integrity and confidentiality within educational institutions or organizations managing student data.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies the vulnerable \u003ccode\u003e/index.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP request targeting \u003ccode\u003e/index.php\u003c/code\u003e with a manipulated \u003ccode\u003eroll\u003c/code\u003e parameter containing SQL injection payloads (e.g., using SQL keywords like \u003ccode\u003eUNION\u003c/code\u003e, \u003ccode\u003eSELECT\u003c/code\u003e, or conditional logic).\u003c/li\u003e\n\u003cli\u003eThe application fails to properly sanitize or validate the \u003ccode\u003eroll\u003c/code\u003e parameter before using it in a SQL query.\u003c/li\u003e\n\u003cli\u003eThe malicious SQL query is executed against the database, potentially bypassing authentication or authorization controls.\u003c/li\u003e\n\u003cli\u003eThe attacker extracts sensitive information from the database, such as student names, addresses, grades, or login credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker modifies or deletes data within the database, potentially disrupting the application\u0026rsquo;s functionality or causing data loss.\u003c/li\u003e\n\u003cli\u003eThe attacker could potentially use the SQL injection vulnerability to escalate privileges within the application or gain access to the underlying operating system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-10110 can lead to unauthorized access to sensitive student data, including personally identifiable information (PII). An attacker could potentially gain full control of the database, leading to data breaches, data corruption, or denial-of-service. Given that the exploit is publicly available, the risk of widespread exploitation is high, potentially affecting any organization utilizing the vulnerable Student Details Management System 1.0. The impact could range from reputational damage to legal and regulatory consequences due to data protection violations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply input validation and sanitization to the \u003ccode\u003eroll\u003c/code\u003e parameter in \u003ccode\u003e/index.php\u003c/code\u003e to prevent SQL injection attacks.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Exploitation of CVE-2026-10110 via Malicious roll Parameter\u0026rdquo; to detect exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement parameterized queries or prepared statements to prevent SQL injection by separating SQL code from user-supplied data.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests to \u003ccode\u003e/index.php\u003c/code\u003e containing SQL injection payloads, as detected by the rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-30T07:17:59Z","date_published":"2026-05-30T07:17:59Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-10110-sql-injection/","summary":"CVE-2026-10110 is a SQL injection vulnerability in code-projects Student Details Management System 1.0, allowing a remote attacker to execute arbitrary SQL commands by manipulating the 'roll' argument in the /index.php file, potentially leading to data breaches and unauthorized access.","title":"CVE-2026-10110: SQL Injection Vulnerability in Student Details Management System","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-10110-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Student Details Management System 1.0","version":"https://jsonfeed.org/version/1.1"}