PT-2026-43089 · Unknown · Student Management System
Xuns
·
Published
2026-05-25
·
Updated
2026-05-25
·
CVE-2026-9474
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
yashpokharna2555 StudentManagementSystem versions up to cb2f558ddf8d19396de0f92abf2d224d46a0a203
Description
Remote SQL injection is possible through the manipulation of the
ID argument in the confirm logged in() function within the '/studentdel.php' file. SQL injection is a technique where an attacker inserts malicious SQL code into a query, allowing them to manipulate the database.Recommendations
As a temporary workaround, avoid using the
ID parameter in the '/studentdel.php' endpoint until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
SQL injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Student Management System