Description
A security flaw has been discovered in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/admin_login.php of the component Administrator Login Endpoint. Performing a manipulation of the argument a_usr/a_pwd results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-06-08
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the admin_login.php component of the student_management_system and allows a remote attacker to manipulate the a_usr and a_pwd parameters to inject arbitrary SQL. By exploiting this flaw an attacker can read, modify, or delete database records, potentially exposing sensitive information and enabling further credential compromise. The flaw is publicly known and a release of an exploit is available, underscoring its practicality.

Affected Systems

All builds of the student_management_system developed by imvks786 that contain the code before the commit 9599b560ad3c3b83e75d328b76bedcd489ef1f46 are affected. The project uses a rolling release approach, so any release prior to this commit remains vulnerable and no patched version is listed in the information provided.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, and while the EPSS score is not available the existence of public exploits indicates a real risk. The vulnerability is not in the CISA KEV catalogue, yet it can be exploited remotely without prior authentication, making the attack vector straightforward and increasing the urgency of remediation.

Generated by OpenCVE AI on June 8, 2026 at 18:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Restrict network access to the /admin_login endpoint so that only trusted IP ranges can reach it.
  • Implement server‑side input validation and sanitization for a_usr and a_pwd fields to mitigate injection.
  • Monitor authentication and database logs for anomalous query patterns that may indicate injection attempts.
  • Keep all application dependencies current and review third‑party components for similar vulnerabilities.

Generated by OpenCVE AI on June 8, 2026 at 18:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/admin_login.php of the component Administrator Login Endpoint. Performing a manipulation of the argument a_usr/a_pwd results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.
Title imvks786 student_management_system Administrator Login Endpoint admin_login.php sql injection
First Time appeared Imvks786
Imvks786 student Management System
Weaknesses CWE-74
CWE-89
CPEs cpe:2.3:a:imvks786:student_management_system:*:*:*:*:*:*:*:*
Vendors & Products Imvks786
Imvks786 student Management System
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Imvks786 Student Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-08T16:00:15.973Z

Reserved: 2026-06-07T19:53:21.533Z

Link: CVE-2026-11531

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-08T17:16:40.200

Modified: 2026-06-08T17:16:40.200

Link: CVE-2026-11531

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-08T19:00:14Z

Weaknesses