PT-2026-6693 · Itsourcecode · Sourcecodester Student Management System
Tianrenu
·
Published
2026-02-06
·
Updated
2026-02-11
·
CVE-2026-2011
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
itsourcecode Student Management System version 1.0
Description
A flaw exists in itsourcecode Student Management System that allows for remote SQL injection. The issue is located in the
/ramonsys/enrollment/controller.php file, specifically through manipulation of the ID argument within an unknown function. The exploit for this issue has been publicly released.Recommendations
Apply any available updates or patches for itsourcecode Student Management System version 1.0.
As a temporary workaround, restrict access to the
/ramonsys/enrollment/controller.php file.
Avoid using the ID parameter in the affected file until the issue is resolved.Exploit
Fix
SQL injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sourcecodester Student Management System