Description
A vulnerability was detected in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file login_check.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-06-01
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a classic SQL injection in the Username parameter handled by login_check.php. The injected payload can be delivered remotely, giving the attacker the ability to bypass authentication or extract arbitrary data from the database. The record classifies the flaw as CWE-74 (improper neutralization of special elements in output used by a downstream component, i.e. injection) and CWE-89 (SQL injection): the Username value reaches a SQL statement without being neutralized, so attacker-supplied SQL is executed directly.

Affected Systems

The affected product is the open‑source Student Management System provided by raisulislamg4. No specific version numbers are available because the project uses a rolling release model; the description identifies the affected code as everything up to commit 310d950e09013d5133c6b9210aff9444382d16d1. No fix has been published, so any deployment of that code is affected.

Risk and Exploitability

The CVSS base score is 6.9 (Medium, CVSS 4.0). The EPSS score is not reported. The exploit is public, and the flaw is not listed in the CISA KEV catalog. Because the attack can be launched over the network and the injection payload is straightforward, the overall likelihood of exploitation remains moderate to high for exposed systems.

Generated by OpenCVE AI on June 1, 2026 at 06:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Implement prepared statements or parameterized queries for all database access involving user-supplied data.
  • Validate and sanitize the Username input, allowing only expected characters and enforcing length limits.
  • Restrict remote access to the login endpoint, enforce IP blocking or multi‑factor authentication, and monitor logs for suspicious activity.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 12:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 01 Jun 2026 05:45:00 +0000

Values Removed: (none)
Values Added, by type:

Description: A vulnerability was detected in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file login_check.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.
Title: raisulislamg4 student_management_system_by_php Login login_check.php sql injection
First Time appeared: Raisulislamg4; Raisulislamg4 student Management System By Php
Weaknesses: CWE-74, CWE-89
CPEs: cpe:2.3:a:raisulislamg4:student_management_system_by_php:*:*:*:*:*:*:*:*
Vendors & Products: Raisulislamg4; Raisulislamg4 student Management System By Php
References
Metrics:
  cvssV2_0 {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
  cvssV3_0 {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T11:21:04.130Z

Reserved: 2026-05-31T07:58:45.903Z

Link: CVE-2026-10225

Vulnrichment

Updated: 2026-06-01T11:20:52.464Z

NVD

Status: Received

Published: 2026-06-01T06:16:39.753

Modified: 2026-06-01T06:16:39.753

Link: CVE-2026-10225

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T06:30:22Z

Weaknesses