EUVD-2026-14713
GHSA-c68m-rr26-fc4q
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4Description
A flaw has been found in SourceCodester Online Admission System 1.0. This affects an unknown function of the file /programmes.php. Executing a manipulation of the argument program can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
Analysis
SourceCodester Online Admission System 1.0 contains a SQL injection vulnerability in the /programmes.php file's program parameter that allows unauthenticated remote attackers to execute arbitrary database queries. Public exploit code is available for this vulnerability, and no patch is currently available. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Take the /programmes.php endpoint offline or restrict access to trusted networks only; scan logs for exploitation attempts; notify stakeholders and legal team. Within 7 days: Deploy WAF rules to block malicious SQL syntax in the 'program' parameter; implement input validation and parameterized queries as temporary code fixes; conduct full database audit for unauthorized access or modifications. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today