CVE-2021-28423

HIGH

Teachers Record Management System <2.1 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-28423. PoCs published by nhattruong.

AI-analyzed exploit summary: This exploit demonstrates multiple SQL injection vulnerabilities in Teachers Record Management System 1.0. It includes three payloads targeting different endpoints, all leveraging unauthenticated SQLi via crafted input parameters.

Description

Multiple SQL injection vulnerabilities in Teachers Record Management System 1.0 through 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php or edit-teacher-detail.php, or via the 'searchdata' POST parameter in search.php.

Exploits (1)

exploitdb WORKING POC
by nhattruong · text · webapps · php
https://www.exploit-db.com/exploits/50018

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Teachers Record Management System 1.0
No auth needed
Prerequisites: Access to the target web application · Network connectivity to the target
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 8.8
EPSS 0.0235
EPSS Percentile 81.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-89
Status published
Products (1)
phpgurukul/teachers_record_management_system 1.0
Published Jul 01, 2021
Tracked Since Feb 18, 2026