Description
A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information.
Published: 2026-04-14
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL injection allowing data extraction
Action: Apply Update
AI Analysis

Impact

A SQL injection vulnerability permits attackers to alter database queries through crafted HTTP requests. The flaw is exploitable by unauthenticated or authenticated users and can lead to extraction of sensitive database contents such as student records, login credentials, or administrative data. This represents a significant confidentiality breach and, if the attacker gains write privileges, could also modify or delete critical information. The weakness corresponds to the classic SQL injection flaw (CWE‑89).

Affected Systems

The affected product is the School Management System version 1.0 developed by manikandan580. No other vendors or versions are listed.

Risk and Exploitability

Because the vulnerability is accessible via an HTTP endpoint without requiring authentication, the attack vector is likely straightforward for remote actors. The EPSS score of 0.0003% indicates a very low probability of exploitation by malicious actors, but the CVSS score of 9.8 signifies critical severity. The issue is not catalogued by CISA, yet the lack of authentication and potential for data leakage suggest a high risk level for any system hosting the unpatched application.

Generated by OpenCVE AI on April 17, 2026 at 08:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor’s website or repository for any released updates or patches to address the vulnerability.
  • Restrict access to the vulnerable HTTP endpoint by applying firewall rules or IP whitelisting.
  • Implement server‑side input validation and enforce parameterized database queries on the affected endpoint.
  • Monitor application logs for suspicious query patterns or repeated failed requests.

Generated by OpenCVE AI on April 17, 2026 at 08:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
Title Unauthenticated SQL Injection in School Management System Allowing Data Extraction

Thu, 16 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 15 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Manikandan580
Manikandan580 school Management System
Vendors & Products Manikandan580
Manikandan580 school Management System

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated SQL Injection in School Management System Allowing Data Extraction
Weaknesses CWE-89

Tue, 14 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
Description A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information.
References

Subscriptions

Manikandan580 School Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-16T12:06:24.330Z

Reserved: 2025-11-18T00:00:00.000Z

Link: CVE-2025-65133

cve-icon Vulnrichment

Updated: 2026-04-16T11:39:28.293Z

cve-icon NVD

Status : Deferred

Published: 2026-04-14T16:16:34.180

Modified: 2026-04-17T15:33:34.050

Link: CVE-2025-65133

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T09:00:10Z

Weaknesses