Skip to main content

student-management-system EUVD-2026-35006

| CVE-2026-11475 LOW
SQL Injection (CWE-89)
2026-06-08 VulDB GHSA-w94m-2g78-42xf
PHP SQLi
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 08, 2026 - 02:29 vuln.today
Severity Changed
Jun 08, 2026 - 02:22 NVD
MEDIUM LOW
CVSS changed
Jun 08, 2026 - 02:22 NVD
6.3 (MEDIUM) 2.1 (LOW)

DescriptionCVE.org

A weakness has been identified in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this vulnerability is the function getStatus of the file controllers/GradeController.php of the component Certificate Verification Endpoint. Executing a manipulation of the argument nic can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

SQL injection in the getStatus function of controllers/GradeController.php within Kushan2k's student-management-system exposes the Certificate Verification Endpoint to database manipulation by low-privileged remote attackers via the nic parameter. A publicly available exploit (proof-of-concept via GitHub issue) lowers the practical bar for abuse despite the CVSS 4.0 base score of 2.1. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege account credentials
Delivery
Authenticate to student-management-system
Exploit
Send crafted request to Certificate Verification Endpoint
Execution
Inject malicious SQL via nic parameter
Impact
Extract or modify records from application database
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid low-privilege account in the student management system (PR:L per CVSS 4.0 vector) - unauthenticated external exploitation is not indicated by available data. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 2.1 is unusually low for a network-accessible SQL injection and warrants explanation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A student or staff member with a valid low-privilege account submits a crafted value for the `nic` parameter to the Certificate Verification Endpoint - for example, appending a SQL fragment like `' OR '1'='1` or a UNION-based payload - which the `getStatus` function passes unsanitized to the database query. A publicly available proof-of-concept linked in GitHub issue #2 demonstrates the technique, enabling an attacker with basic SQL injection knowledge to enumerate, extract, or modify records in the underlying database.
Remediation No vendor-released patch has been identified at time of analysis - the maintainer was notified via GitHub issue (https://github.com/Kushan2k/student-management-system/issues/2) but has not responded. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-49952 CRITICAL POC
9.3 Jun 15

Authentication bypass in Discuz! X5.0 releases 20260320 through 20260501 allows unauthenticated remote attackers to acce
CVE-2026-49954 HIGH POC
8.6 Jun 15

Authenticated remote code execution in Discuz! X5.0 releases 20260320 through 20260501 allows administrators to chain a

CVE-2026-49768 CRITICAL
9.8 Jun 15

Unauthenticated PHP Object Injection in the Happyforms WordPress plugin (versions <= 1.26.13) allows remote attackers to
CVE-2026-27053 CRITICAL
9.8 Jun 15

Unauthenticated PHP Object Injection in the Broadcast Live Video WordPress plugin (versions prior to 7.1.3) allows remot
CVE-2026-49104 CRITICAL
9.8 Jun 15

Unauthenticated PHP object injection in the WordPress plugin 'Integration for Keap/Infusionsoft and Contact Form 7, WPFo

Share

EUVD-2026-35006 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy