PT-2026-43084 · Yashpokharna2555 · Student Management System
Levis1
·
Published
2026-05-25
·
Updated
2026-05-25
·
CVE-2026-9470
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
yashpokharna2555 StudentManagementSystem (affected versions not specified)
Description
A SQL injection issue exists in the
confirm logged in() function within the student trans.php file. This flaw allows a remote attacker to manipulate the FIRST NAME, Last Name, or EMAIL arguments to execute arbitrary SQL commands. SQL injection is a technique where an attacker inserts malicious SQL code into a query, potentially allowing them to view, modify, or delete data from the database.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
As a temporary workaround, restrict access to the
confirm logged in() function in the student trans.php file to minimize the risk of exploitation.Exploit
SQL injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Student Management System