SQL Injection in Carmelo Student_web_portal
CVE-2026-3745
A vulnerability was found in code-projects Student Web Portal 1.0. It affects an unknown function in the file profile.php. Manipulating the argument User results in SQL injection. The attack can be launched remotely. The exploit ha…
EPSS: 0.001 (19.9th percentile).
CVSS v3 metric
CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.
Affected products
- Carmelo Student_web_portal — versions 1.0
- Code-projects Student Web Portal — versions 1.0
Weakness classification (CWE)
References
- VDB-349723 | code-projects Student Web Portal profile.php sql injection (technical-description, Third Party Advisory, VDB Entry, vdb-entry)
- VDB-349723 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, Permissions Required, permissions-required, VDB Entry)
- Submit #767854 | code-projects STUDENT WEB PORTAL V1.0 SQL Injection (Third Party Advisory, VDB Entry, third-party-advisory)
- cna@vuldb.com (related, Third Party Advisory)
- cna@vuldb.com (Exploit, Third Party Advisory, exploit)
- cna@vuldb.com (Product, product)
Frequently asked questions
- What is CVE-2026-3745?
- CVE-2026-3745 is a medium-severity vulnerability in Carmelo Student_web_portal, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 6.3/10. Published 2026-03-08.
- How severe is CVE-2026-3745?
- Medium severity. CVSS v3 base score is 6.3 out of 10.