Description
A weakness has been identified in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this vulnerability is the function getStatus of the file controllers/GradeController.php of the component Certificate Verification Endpoint. Executing a manipulation of the argument nic can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-06-08
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker can send a crafted request to the getStatus function of GradeController.php and inject SQL via the nic argument. The vulnerability allows remote attackers to manipulate database queries, which can lead to data leakage, modification, or deletion of student information. The weakness is classified as CWE‑74 (Untrusted Search Path) and CWE‑89 (SQL Injection).

Affected Systems

Kushan2k student‑management‑system in all released versions up to the commit f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. No specific versions are listed, and the project follows a rolling release model so newer updates may not yet contain a fix.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and the EPSS score is not available, suggesting no precise data on exploitation likelihood. The vulnerability is not listed in the CISA KEV catalog. Attackers can exploit the flaw remotely, as the target endpoint is publicly reachable. The lack of an official patch at this time means the risk remains until a fix is released or mitigations are applied.

Generated by OpenCVE AI on June 8, 2026 at 03:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Restrict network access to the application, allowing only trusted IP ranges or VPN connections.
  • Validate and sanitize all input for the nic parameter; replace direct query construction with prepared statements or parameterized queries to eliminate injection vectors.
  • Implement WAF rules or application firewalls that detect and block typical SQL injection payload patterns; regularly monitor logs for suspicious query activity.

Generated by OpenCVE AI on June 8, 2026 at 03:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 02:00:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this vulnerability is the function getStatus of the file controllers/GradeController.php of the component Certificate Verification Endpoint. Executing a manipulation of the argument nic can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.
Title Kushan2k student-management-system Certificate Verification Endpoint GradeController.php getStatus sql injection
First Time appeared Kushan2k
Kushan2k student-management-system
Weaknesses CWE-74
CWE-89
CPEs cpe:2.3:a:kushan2k:student-management-system:*:*:*:*:*:*:*:*
Vendors & Products Kushan2k
Kushan2k student-management-system
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Kushan2k Student-management-system
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-08T01:15:08.800Z

Reserved: 2026-06-07T09:37:50.124Z

Link: CVE-2026-11475

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-08T02:16:23.577

Modified: 2026-06-08T02:16:23.577

Link: CVE-2026-11475

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-08T03:30:16Z

Weaknesses