CVE-2026-10226

Name of the Vulnerable Software and Affected Versions raisulislamg4 student management system by php versions prior to 310d950e09013d5133c6b9210aff9444382d16d1

Description A remote SQL injection can occur due to a flaw in an unknown function within the 'delete.php' file. This issue is triggered by manipulating the user id, course id, teacher id, student id, or application id arguments. SQL injection is a technique where an attacker inserts malicious SQL code into a query, allowing them to interfere with the database.

Recommendations Update to a version later than 310d950e09013d5133c6b9210aff9444382d16d1. As a temporary workaround, restrict access to the 'delete.php' file or avoid using the user id, course id, teacher id, student id, and application id parameters until a fix is applied.