CVE-2020-26051

CRITICAL

College Management System Php 1.0 - SQL Injection via Unfiltered POST Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-26051. PoCs published by BLAY ABU SAFIAN.

AI-analyzed exploit summary: This writeup describes an SQL injection vulnerability in the College Management System Php 1.0, where the 'unametxt' and 'pwdtxt' POST parameters are not sanitized, allowing authentication bypass via a payload like ' or 1=1 --. No exploit code is provided, only a description and payload example.

Description

College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page via the POST parameters 'unametxt' and 'pwdtxt', which are not filtered before being passed to a SQL query.

Exploits (1)

exploitdb WRITEUP
by BLAY ABU SAFIAN · text · webapps · php
https://www.exploit-db.com/exploits/48593

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: College-Management-System-Php 1.0
No auth needed
Prerequisites: Access to the login page of the vulnerable application
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/48593

Scores

CVSS v3 9.8
EPSS 0.0240
EPSS Percentile 81.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-89
Status published
Products (1)
college_management_system_project/college_management_system 1.0
Published Feb 08, 2021
Tracked Since Feb 18, 2026