CVE-2026-3487

Name of the Vulnerable Software and Affected Versions itsourcecode College Management System version 1.0

Description A SQL injection issue exists due to the manipulation of the course code argument within the processing of the /admin/class-result.php file. This allows for remote attacks. The exploit for this issue has been publicly released. SQL injection is a technique where malicious code is inserted into a database query, potentially allowing an attacker to access, modify, or delete data.

Recommendations For itsourcecode College Management System version 1.0, restrict access to the /admin/class-result.php file or sanitize the course code parameter to prevent SQL injection.