Platform: php
Fixed in: 1.0.1
CVE-2026-5182 describes a SQL Injection vulnerability discovered in SourceCodester Teacher Record System version 1.0. This flaw allows attackers to manipulate database queries through the 'searchteacher' parameter, potentially leading to unauthorized data access and modification. The vulnerability is remotely exploitable and a public proof-of-concept exists, highlighting the urgency of remediation.
Successful exploitation of CVE-2026-5182 could grant an attacker unauthorized access to sensitive data stored within the Teacher Record System database. This includes student records, teacher information, grades, and potentially administrative credentials. An attacker could modify or delete data, leading to data integrity issues and disruption of school operations. The SQL Injection nature of the vulnerability allows for arbitrary database queries, significantly expanding the potential impact. Given the public availability of a proof-of-concept, the risk of exploitation is considered high.
CVE-2026-5182 has been publicly disclosed and a proof-of-concept exploit is available, indicating a high probability of exploitation. It is currently not listed on the CISA KEV catalog. The vulnerability's ease of exploitation, combined with the public availability of a PoC, suggests that attackers are likely actively scanning for and exploiting vulnerable instances of the Teacher Record System.
EPSS: 0.04% (12th percentile)
The primary mitigation for CVE-2026-5182 is to upgrade to a patched version of the Teacher Record System. As no fixed version is currently available, immediate steps should focus on temporary workarounds. Implement a Web Application Firewall (WAF) rule to filter potentially malicious SQL injection attempts targeting the 'searchteacher' parameter. Strict input validation on the server-side is also crucial, ensuring that user-supplied input is properly sanitized and escaped before being used in database queries. Consider restricting database user permissions to limit the impact of a successful attack.
Update to a patched version of the Teacher Record System provided by the vendor, SourceCodester, that fixes the SQL Injection vulnerability. If a patched version is not available, consider disabling or removing the affected component until a solution can be applied.
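One way to apply the server-side validation described above, using a prepared statement in place of escaping so the 'searchteacher' value is bound as data and never becomes part of the SQL text. This is an added example, not SourceCodester's code: the `teachers` table, its columns, the function names and the 64-character allow-list policy are assumptions, and the rows and inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: allow-list validation for the 'searchteacher' value.
// Assumed policy: letters, digits, space, and . ' - only, at most 64 characters.
function validateSearchTerm($raw): ?string
{
    if (!is_string($raw)) {                 // rejects array input such as searchteacher[]=x
        return null;
    }
    $term = trim($raw);
    if ($term === '' || mb_strlen($term) > 64) {
        return null;
    }
    return preg_match("/^[\\p{L}\\p{N} .'\\-]+$/u", $term) === 1 ? $term : null;
}

// Hypothetical query function: the term is passed as a bound parameter.
function searchTeachers(PDO $db, string $term): array
{
    // Escape LIKE wildcards with '!' so % and _ in the term would match literally.
    $like = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';
    $stmt = $db->prepare(
        "SELECT id, name, subject FROM teachers WHERE name LIKE :q ESCAPE '!'"
    );
    $stmt->execute([':q' => $like]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE teachers (id INTEGER PRIMARY KEY, name TEXT, subject TEXT)");
$db->exec("INSERT INTO teachers (name, subject)
           VALUES ('Ann O''Brien', 'Math'), ('Raj Patel', 'Physics')");

// Constructed inputs standing in for $_GET['searchteacher'].
foreach (["O'Brien", "x' OR '1'='1", ['array']] as $input) {
    $term = validateSearchTerm($input);
    if ($term === null) {
        echo 'rejected: ' . json_encode($input) . PHP_EOL;
        continue;
    }
    $rows = searchTeachers($db, $term);
    echo json_encode($input) . ' -> ' . count($rows) . ' row(s)' . PHP_EOL;
}
```

The apostrophe in a legitimate name is accepted and handled safely because it is bound, while input containing characters outside the allow-list or a non-string value is rejected before any query runs.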
CVE-2026-5182 is a SQL Injection vulnerability in SourceCodester Teacher Record System version 1.0, allowing attackers to manipulate database queries through the 'searchteacher' parameter.
If you are using SourceCodester Teacher Record System version 1.0, you are potentially affected by this vulnerability. Upgrade is recommended.
Upgrade to a patched version of Teacher Record System. Until a patch is available, implement WAF rules and strict input validation to mitigate the risk.
Due to the public availability of a proof-of-concept, CVE-2026-5182 is likely being actively exploited.
Refer to the SourceCodester website or relevant security forums for updates and advisories regarding CVE-2026-5182.