PT-2026-23946 · Itsourcecode · University Event Management System
Jon0
·
Published
2026-03-08
·
Updated
2026-03-13
·
CVE-2026-3740
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
itsourcecode University Management System version 1.0
Description
A flaw exists in itsourcecode University Management System 1.0 that allows for SQL injection. The issue is located in the
/admin search student.php file, specifically through manipulation of the admin search student argument. This allows for remote exploitation. The exploit code has been publicly released. The vulnerable function is unknown.Recommendations
Apply any available updates or patches for itsourcecode University Management System version 1.0.
As a temporary workaround, restrict access to the
/admin search student.php file.
Sanitize the admin search student argument to prevent SQL injection attacks.Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
University Event Management System