CVE-2026-5575 MEDIUM

CVE-2026-5575: SourceCodester/jkev Record Management System Login index.php sql injection

Vendor Sourcecodester

Product Record Management System

Weakness CWE-89 · SQLi

Published April 5, 2026

Last update April 7, 2026

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability was detected in SourceCodester/jkev Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.

Key dates

Disclosure timeline

April 5, 2026 CVE published

April 7, 2026 Record updated

Identifiers

CVE CVE-2026-5575

CWE CWE-89

CVSS 6.9 / MEDIUM

Affected versions

Vendor Sourcecodester

Product Record Management System

Affected 1.0

Vendor Jkev

Product Record Management System

Affected 1.0