PT-2026-33690 · Unknown · Projectsandprograms School Management System
Ethx0 · Published 2026-04-20 · Updated 2026-04-20
CVE-2026-6595
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
ProjectsAndPrograms School Management System versions prior to 6b6fae5426044f89c08d0dd101c7fa71f9042a59
Description
An issue exists in the HTTP GET Parameter Handler component within the 'buslocation.php' file. Remote attackers can perform SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution, by manipulating the bus id argument.
Recommendations
Update ProjectsAndPrograms School Management System to a version later than 6b6fae5426044f89c08d0dd101c7fa71f9042a59.
As a temporary workaround, restrict access to the 'buslocation.php' file or avoid using the bus id parameter until a patch is applied.
Exploit
Fix
Special Elements Injection
SQL injection
Related Identifiers
Affected Products
Projectsandprograms School Management System