EUVD-2026-16112
GHSA-96gq-6mq2-hjpw
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/grades/index.php?view=edit&id=1 of the component Parameter Handler. The manipulation of the argument deptid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
SQL injection in itsourcecode Online Enrollment System 1.0 allows unauthenticated remote attackers to execute arbitrary SQL commands via the deptid parameter in the grades index page. Public exploit code is available for this vulnerability, and no patch is currently available. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Isolate affected systems from production if possible; enable enhanced monitoring and logging on the /sms/grades/index.php endpoint; notify legal and communications teams of potential breach risk. Within 7 days: Deploy WAF rules to block SQL injection patterns in the 'deptid' parameter; implement network segmentation to restrict access to the enrollment system; conduct a forensic audit for signs of exploitation. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today