CVE-2026-3487

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions itsourcecode College Management System version 1.0

Description A SQL injection issue exists due to the manipulation of the course code argument within the processing of the /admin/class-result.php file. This allows for remote attacks. The exploit for this issue has been publicly released. SQL injection is a technique where malicious code is inserted into a database query, potentially allowing an attacker to access, modify, or delete data.

Recommendations For itsourcecode College Management System version 1.0, restrict access to the /admin/class-result.php file or sanitize the course code parameter to prevent SQL injection.

Exploit

Fix

SQL injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89CWE-74

Related Identifiers

CVE-2026-3487

Affected Products

College Management System

CVE-2026-3487

Weakness Enumeration

Related Identifiers

Affected Products

References · 12