PT-2026-43089 · Unknown · Student Management System

Xuns

·

Published

2026-05-25

·

Updated

2026-05-25

·

CVE-2026-9474

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions yashpokharna2555 StudentManagementSystem versions up to cb2f558ddf8d19396de0f92abf2d224d46a0a203
Description Remote SQL injection is possible through the manipulation of the ID argument in the confirm logged in() function within the '/studentdel.php' file. SQL injection is a technique where an attacker inserts malicious SQL code into a query, allowing them to manipulate the database.
Recommendations As a temporary workaround, avoid using the ID parameter in the '/studentdel.php' endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-9474

Affected Products

Student Management System