Description
A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This affects an unknown function of the file dashboard_page/forms/fetch.php. Performing a manipulation of the argument department_code results in SQL injection. The attack can be initiated remotely. The exploit is now public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-06-05
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the CollegeManagementSystem’s fetch.php file allows an attacker to manipulate the department_code parameter, resulting in an unsanitized SQL query. This flaw corresponds to CWE‑74 and CWE‑89 and can enable an unauthenticated remote attacker to read or alter sensitive database contents. Based on the description, the attack vector is remote and a public exploit is available, meaning the vulnerability can be triggered from outside the network without prior credentials.

Affected Systems

The vulnerable code resides in the tittuvarghese CollegeManagementSystem repository at the dashboard_page/forms/fetch.php path. No specific version information is provided; continuous‑delivery practices imply the issue exists in all current releases. The affected product is identified by the vendor tittuvarghese:CollegeManagementSystem.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. Because the exploit is publicly known and the endpoint is reachable remotely, the risk remains elevated until a patch or effective mitigation is applied. The attacker does not need prior authentication to exploit the flaw, making it readily usable against exposed deployments.

Generated by OpenCVE AI on June 5, 2026 at 15:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Block external access to the fetch.php endpoint or place it behind an authentication wall.
  • When an official fix becomes available, apply the patch promptly or upgrade to a non‑vulnerable release; monitor the project’s repository for updates.
  • Modify the code to validate the department_code value and refactor the query to use prepared statements or parameterized queries to eliminate the injection vector.
  • Deploy a web‑application firewall or custom request filtering rules that detect and block common SQL payloads, and monitor logs for abnormal query activity.
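The validation and log-monitoring actions above can share one strict allowlist for department_code. The following is an added example, not part of the advisory or the project's code; it assumes the parameter arrives in the query string of combined-format access logs, and the allowlist pattern and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the advisory.
ENDPOINT = "dashboard_page/forms/fetch.php"
PARAM = "department_code"
# ASSUMPTION: department codes are short alphanumeric tokens; adjust to the real format.
ALLOWED = re.compile(r"[A-Za-z0-9_-]{1,16}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_values(log_line):
    """Return the department_code values in one log line that fail the allowlist."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    if not url.path.endswith(ENDPOINT):
        return []
    # parse_qs URL-decodes once and keeps every repeated occurrence of the parameter.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    return [v for v in values if not ALLOWED.fullmatch(v)]


def scan(lines):
    """Return (client_ip, bad_values) for every log line that needs review."""
    hits = []
    for line in lines:
        bad = suspicious_values(line)
        if bad:
            hits.append((line.split(" ", 1)[0], bad))
    return hits


# Constructed sample log lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [05/Jun/2026:15:01:02 +0000] "GET /dashboard_page/forms/fetch.php?department_code=CSE HTTP/1.1" 200 512',
    '203.0.113.9 - - [05/Jun/2026:15:01:09 +0000] "GET /dashboard_page/forms/fetch.php?department_code=CSE%27-- HTTP/1.1" 200 9120',
    '203.0.113.9 - - [05/Jun/2026:15:01:11 +0000] "GET /dashboard_page/forms/fetch.php?department_code=ME&department_code=%2527 HTTP/1.1" 200 40',
    '198.51.100.7 - - [05/Jun/2026:15:02:00 +0000] "GET /index.php?department_code=%27 HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for ip, bad in scan(SAMPLE_LOG):
        print(ip, bad)
```

Values sent in a POST body do not appear in access logs, so the same allowlist check would have to run in a reverse proxy or in the application itself to cover them.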

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 14:45:00 +0000

Type Values Removed Values Added
  • Description: A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This affects an unknown function of the file dashboard_page/forms/fetch.php. Performing a manipulation of the argument department_code results in SQL injection. The attack can be initiated remotely. The exploit is now public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
  • Title: tittuvarghese CollegeManagementSystem fetch.php sql injection
  • First Time appeared: Tittuvarghese; Tittuvarghese collegemanagementsystem
  • Weaknesses: CWE-74, CWE-89
  • CPEs: cpe:2.3:a:tittuvarghese:collegemanagementsystem:*:*:*:*:*:*:*:*
  • Vendors & Products: Tittuvarghese; Tittuvarghese collegemanagementsystem
  • References:
  • Metrics:
      cvssV2_0: score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
      cvssV3_0: score 7.3, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
      cvssV3_1: score 7.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
      cvssV4_0: score 6.9, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-05T14:00:12.114Z

Reserved: 2026-06-05T08:10:02.111Z

Link: CVE-2026-11334

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-06-05T15:16:51.360

Modified: 2026-06-05T16:04:48.437

Link: CVE-2026-11334

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T16:00:11Z