CVE-2021-26762

HIGH

PHPGurukul Student Record System 4.0 - SQL Injection via edit-course.php cid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-26762. PoCs published by Jannick Tiger.

AI-analyzed exploit summary: This exploit demonstrates a time-based blind SQL injection vulnerability in Student Record System 4.0 via the 'cid' parameter in edit-course.php. It includes a proof-of-concept payload and instructions for using sqlmap to exploit the vulnerability.

Description

SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php.

Exploits (1)

exploitdb · WORKING POC
by Jannick Tiger · text · webapps · php
https://www.exploit-db.com/exploits/49513

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Student Record System 4.0
Auth required
Prerequisites: Access to the application · Valid login credentials · SQL injection vulnerability in the 'cid' parameter
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Vendor Advisory (x_refsource_misc): https://phpgurukul.com/
Exploit, Third Party Advisory, VDB Entry (x_refsource_misc): https://www.exploit-db.com/exploits/49513

Scores

CVSS v3: 8.8
EPSS: 0.0226
EPSS Percentile: 80.7%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-89
Status: published
Products (1): phpgurukul/student_record_system 4.0
Published: Jul 22, 2021
Tracked Since: Feb 18, 2026