CVE-2026-1589
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3Description
A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Analysis
SQL injection in itsourcecode School Management System 1.0 via the txtsearch parameter in /ramonsys/inquiry/index.php enables unauthenticated remote attackers to execute arbitrary SQL queries with limited impact on confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and no patch is currently available.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all instances of School Management System 1.0 in your environment and isolate affected systems from public-facing networks. Within 7 days: Implement compensating controls including WAF rules to block requests to /ramonsys/inquiry/index.php, enforce network segmentation, and enable enhanced logging on affected systems. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today