CVE-2020-23935

CRITICAL

Kabir Alhasan Student Management System 1.0 - Auth Bypass

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-23935. PoCs published by Enes Özeser.

AI-analyzed exploit summary: This exploit demonstrates a SQL injection authentication bypass in Student Management System 1.0: a single quote and a comment character injected into the username field bypass authentication. The HTTP request shows the exact payload used to exploit the vulnerability.

Description

Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".

Exploits (1)

exploitdb WORKING POC
by Enes Özeser · text · webapps · php
https://www.exploit-db.com/exploits/50579

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Student Management System 1.0
No auth needed
Prerequisites: Access to the login page of the target application
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.1593
EPSS Percentile 96.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-89
Status published
Products (1)
kabir-m-alhasan/student_management_system 1.0
Published Aug 20, 2020
Tracked Since Feb 18, 2026