PT-2026-43084 · Yashpokharna2555 · Student Management System

Levis1

·

Published

2026-05-25

·

Updated

2026-05-25

·

CVE-2026-9470

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions yashpokharna2555 StudentManagementSystem (affected versions not specified)
Description A SQL injection issue exists in the confirm logged in() function within the student trans.php file. This flaw allows a remote attacker to manipulate the FIRST NAME, Last Name, or EMAIL arguments to execute arbitrary SQL commands. SQL injection is a technique where an attacker inserts malicious SQL code into a query, potentially allowing them to view, modify, or delete data from the database.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the confirm logged in() function in the student trans.php file to minimize the risk of exploitation.

Exploit

SQL injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-9470

Affected Products

Student Management System