Description
A vulnerability has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file add_user_check.php of the component User Creation Handler. The manipulation of the argument role leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-06-01
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the add_user_check.php script of the Raisuli student management system allows manipulation of the role argument to inject arbitrary SQL. The resulting injection can enable a remote attacker to read, modify, or delete data from the underlying database, potentially leading to full data compromise or privilege escalation. The vulnerability is present before the commit 310d950e09013d5133c6b9210aff9444382d16d1 and is documented as a remote exploitation vector.

Affected Systems

The vulnerability affects the raisulislamg4:student_management_system_by_php application. No specific version numbers are available due to the project's rolling release model, but all releases prior to the commit mentioned are susceptible.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity, and the EPSS score is not available. It is not listed in CISA KEV, but the exploit has been publicly disclosed, meaning attackers may already be targeting the exposed add_user_check.php endpoint. Because the attack vector is remote and the vulnerability resides in a widely deployed component, the risk of exploitation remains significant until a patch or mitigation is applied.

Generated by OpenCVE AI on June 1, 2026 at 06:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest patched release of the student_management_system_by_php when it becomes available
  • Modify add_user_check.php to validate the role input and use parameterized queries or proper escaping to eliminate SQL injection
  • Restrict access to the user creation endpoint so that only authenticated administrators can submit role data

Generated by OpenCVE AI on June 1, 2026 at 06:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 05:45:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file add_user_check.php of the component User Creation Handler. The manipulation of the argument role leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
Title raisulislamg4 student_management_system_by_php User Creation add_user_check.php sql injection
First Time appeared Raisulislamg4
Raisulislamg4 student Management System By Php
Weaknesses CWE-74
CWE-89
CPEs cpe:2.3:a:raisulislamg4:student_management_system_by_php:*:*:*:*:*:*:*:*
Vendors & Products Raisulislamg4
Raisulislamg4 student Management System By Php
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Raisulislamg4 Student Management System By Php
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T05:15:08.358Z

Reserved: 2026-05-31T07:58:51.589Z

Link: CVE-2026-10227

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-01T06:16:40.100

Modified: 2026-06-01T06:16:40.100

Link: CVE-2026-10227

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T06:30:22Z

Weaknesses