PT-2026-25707 · Itsourcecode · College Management System

Zzh01007

Publicado

2026-03-16

Atualizado

2026-03-17

CVE-2026-4238

CVSS v2.0

5.8

Média

Vetor

AV:N/AC:L/Au:M/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions itsourcecode College Management System version 1.0

Description A flaw exists in the processing of files within the application. Specifically, the /admin/courses.php file is susceptible to SQL injection due to improper handling of the course code parameter. This allows for remote exploitation. The details of the exploit have been publicly disclosed.

Recommendations Apply a fix to address the improper handling of the course code parameter in the /admin/courses.php file.

Exploit

Correção

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2026-4238

Produtos afetados

College Management System

PT-2026-25707 · Itsourcecode · College Management System

CVE-2026-4238

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8