CVE-2026-2189
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3Description
A vulnerability was identified in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/report/index.php. The manipulation of the argument ay leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
Analysis
SQL injection in itsourcecode School Management System 1.0 allows unauthenticated remote attackers to manipulate the 'ay' parameter in /ramonsys/report/index.php, potentially enabling data exfiltration, modification, or service disruption. Public exploit code exists for this vulnerability and no patch is currently available, creating immediate risk for deployed instances.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Isolate affected School Management System instances from production networks and disable access to /ramonsys/report/index.php if operationally feasible. Within 7 days: Deploy WAF rules to block malicious requests to the vulnerable endpoint, implement network segmentation to restrict database access, and conduct forensic logs review for exploitation evidence. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today