Description
A flaw has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument user_id/course_id/teacher_id/student_id/application_id can lead to SQL injection. The attack may be launched remotely. The exploit has been published and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-06-01
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability exists in a function of delete.php within the Student Management System that allows an attacker to manipulate the user_id, course_id, teacher_id, student_id, or application_id parameters. This manipulation results in an untrusted input being incorporated into an SQL query without proper sanitization, enabling SQL injection (CWE-89). The impact of successfully exploiting this flaw is the ability to read, modify, or delete data in the underlying database, potentially exposing sensitive student or teacher information. The vulnerability is classified as a medium severity flaw (CVSS 6.9).

Affected Systems

The affected product is raisulislamg4’s Student Management System written in PHP. No specific release numbers are provided because the project follows a rolling‑release model. All versions built up to the commit identified by 310d950e09013d5133c6b9210aff9444382d16d1 are potentially vulnerable until a patch is released.

Risk and Exploitability

The flaw can be exploited remotely through the delete.php endpoint by crafting malicious query parameters. Publicly available exploits suggest that attackers can carry out this attack without special privileges. Although the EPSS score is not available, the existence of a published exploit and the CVSS score of 6.9 indicate a moderate to high risk of exploitation, especially for organizations that do not restrict access to the endpoint.

Generated by OpenCVE AI on June 1, 2026 at 06:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the application to the latest release that includes a fix for the delete.php SQL injection if one becomes available.
  • If no patch is available, modify delete.php to use parameterized queries or stored procedures so that supplied identifiers are bound as data rather than concatenated into SQL statements.
  • Implement stricter access controls on the delete.php route, ensuring it is only reachable by authenticated and authorized users and that input parameters are validated against expected formats.
  • Consider temporarily disabling the delete.php functionality until a secure version is deployed if the feature is not critical.
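
The parameterized-query and input-validation actions above, as an added example that is not code from the affected project: only the five parameter names come from this record, while the table and column names, the `deleteById` helper and the use of PDO with an in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: not code from the student_management_system_by_php repository.
// Table and column names are assumptions; only the parameter names come from the advisory.
const DELETE_TARGETS = [
    'user_id'        => ['users', 'id'],
    'course_id'      => ['courses', 'id'],
    'teacher_id'     => ['teachers', 'id'],
    'student_id'     => ['students', 'id'],
    'application_id' => ['applications', 'id'],
];

// Delete the row named by exactly one allow-listed id parameter; returns rows deleted.
function deleteById(PDO $pdo, array $query): int
{
    $supplied = array_intersect_key($query, DELETE_TARGETS);
    if (count($supplied) !== 1) {
        throw new InvalidArgumentException('exactly one id parameter is required');
    }
    $param = array_key_first($supplied);
    $raw = $supplied[$param];
    // Accept only a positive decimal integer; arrays and any other text are rejected.
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        throw new InvalidArgumentException("$param must be a positive integer");
    }
    // Table and column come from the constant map, never from the request.
    [$table, $column] = DELETE_TARGETS[$param];
    $stmt = $pdo->prepare("DELETE FROM $table WHERE $column = :id");
    $stmt->bindValue(':id', (int) $raw, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO students (id, name) VALUES (1, 'A'), (2, 'B')");

echo deleteById($pdo, ['student_id' => '1']), "\n";   // well-formed id is bound and executed
try {
    deleteById($pdo, ['student_id' => 'not-a-number']); // rejected before any SQL is prepared
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

In a real deployment the same function would sit behind the authentication and authorization check named in the third action, since binding parameters does not decide who may delete a record.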

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 05:45:00 +0000

Type Values Removed Values Added
Description: A flaw has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument user_id/course_id/teacher_id/student_id/application_id can lead to SQL injection. The attack may be launched remotely. The exploit has been published and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.
Title: raisulislamg4 student_management_system_by_php delete.php sql injection
First Time appeared: Raisulislamg4; Raisulislamg4 student Management System By Php
Weaknesses: CWE-74; CWE-89
CPEs: cpe:2.3:a:raisulislamg4:student_management_system_by_php:*:*:*:*:*:*:*:*
Vendors & Products: Raisulislamg4; Raisulislamg4 student Management System By Php
References:
Metrics:
cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T05:00:09.570Z

Reserved: 2026-05-31T07:58:48.500Z

Link: CVE-2026-10226

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-01T06:16:39.947

Modified: 2026-06-01T06:16:39.947

Link: CVE-2026-10226

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T06:30:22Z

Weaknesses