Which versions of Student Management System are affected by CVE-2026-11530?

SQL injection vulnerability in imvks786 Student Management System login component allows remote attackers to manipulate database queries through the /index.php endpoint, potentially compromising…

Is there a public PoC exploit available for CVE-2026-11530?

Yes, a public proof-of-concept exploit is available for CVE-2026-11530. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-11530?

24 hours: Identify all instances of imvks786 Student Management System in production and assess network exposure; review access logs for suspicious login activity. 7 days: Deploy Web Application Firewall (WAF) rules blocking SQL injection patterns on /index.php; implement network segmentation restricting login access to trusted IP ranges; enable database query logging. 30 days: Contact imvks786 maintainer for vulnerability patch status; evaluate migration to alternative, actively maintained Student Management Systems with security support.

Student Management System CVE-2026-11530

Q: What is the CVSS score of CVE-2026-11530?

CVE-2026-11530 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-35154 MEDIUM

SQL Injection (CWE-89)

2026-06-08 VulDB

GHSA-3pq7-6jpj-cm4p

SQLi Student Management System

5.5

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

5.5 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Jun 08, 2026 - 17:22 NVD

HIGH MEDIUM

CVSS changed

Jun 08, 2026 - 17:22 NVD

7.3 (HIGH) 5.5 (MEDIUM)

Analysis Generated

Jun 08, 2026 - 17:15 vuln.today

DescriptionCVE.org

A vulnerability was identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph of the component Login. Such manipulation of the argument usr/pwd leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

SQL injection in imvks786 Student Management System (rolling release up to commit 9599b560) allows remote unauthenticated attackers to manipulate the usr and pwd parameters of /index.ph in the Login component to inject arbitrary SQL. Publicly available exploit code exists per VulDB, though the project is on a rolling release with no tagged fix and the maintainer has not responded to the issue report. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Discover exposed /index.ph login page

Delivery

Send crafted usr/pwd POST payload

Exploit

Inject SQL into authentication query

Execution

Bypass login or extract data via UNION

Persist

Dump credentials and student records

Impact

Pivot using harvested admin account