PT-2026-23946 · Itsourcecode · University Event Management System

Jon0

Publicado

2026-03-08

Atualizado

2026-03-13

CVE-2026-3740

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions itsourcecode University Management System version 1.0

Description A flaw exists in itsourcecode University Management System 1.0 that allows for SQL injection. The issue is located in the /admin search student.php file, specifically through manipulation of the admin search student argument. This allows for remote exploitation. The exploit code has been publicly released. The vulnerable function is unknown.

Recommendations Apply any available updates or patches for itsourcecode University Management System version 1.0. As a temporary workaround, restrict access to the /admin search student.php file. Sanitize the admin search student argument to prevent SQL injection attacks.

Exploit

Correção

Special Elements Injection

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-89

Identificadores relacionados

CVE-2026-3740

Produtos afetados

University Event Management System

PT-2026-23946 · Itsourcecode · University Event Management System

CVE-2026-3740

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13