Description
A vulnerability was found in itsourcecode College Management System 1.0. This issue affects unspecified processing in the file /admin/class-result.php. Manipulating the course_code argument results in SQL injection. The attack can be initiated remotely. The exploit has been made public and could be used.
Published: 2026-03-03
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Apply Patch
AI Analysis

Impact

The vulnerability is located in itsourcecode College Management System 1.0 within the /admin/class-result.php script. The script accepts a course_code argument without adequate validation, allowing a classic SQL injection. An attacker who supplies a crafted value can execute arbitrary SQL statements against the backend database, potentially exposing, modifying, or destroying sensitive student information. This compromise affects the confidentiality, integrity, and availability of the educational platform.

Affected Systems

The affected product is the College Management System offered by itsourcecode, identified in CPE terms as angeljudesuarez:college_management_system. The publicly available information specifies that version 1.0 is vulnerable. No later releases are listed, so administrators should confirm whether they are running this specific version and consult the vendor for any newer, patched release.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate severity, and the EPSS score of less than 1% shows a very low expected probability of exploitation at present. The vulnerability is not catalogued in the CISA KEV list, which suggests limited widespread exploitation. However, an exploit is publicly available, and the attack is remote: a forged HTTP request containing a malicious course_code value is enough to trigger it. The published CVSS vectors set PR:H, so the request must come from an account that already holds high privileges. The potential impact is database compromise and data tampering.

Generated by OpenCVE AI on April 16, 2026 at 13:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Restrict access to /admin/class-result.php so that only authenticated administrators can use it, using role‑based access control or a firewall rule to block public requests.
  • Update the application to use parameterized queries or proper input sanitization for the course_code value; validate that the parameter contains only expected characters.
  • If a vendor patch or newer version of the College Management System is available, upgrade immediately; otherwise contact the vendor for a security fix.
  • As a temporary measure, block or remove the course_code parameter from the URL or configure the script to refuse requests that contain suspicious characters.


Advisories

No advisories yet.

History

Thu, 05 Mar 2026 14:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Angeljudesuarez; Angeljudesuarez college Management System
CPEs | | cpe:2.3:a:angeljudesuarez:college_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products | | Angeljudesuarez; Angeljudesuarez college Management System

Wed, 04 Mar 2026 22:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 04 Mar 2026 15:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Itsourcecode; Itsourcecode college Management System
Vendors & Products | | Itsourcecode; Itsourcecode college Management System

Tue, 03 Mar 2026 21:45:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/class-result.php. Performing a manipulation of the argument course_code results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.
Title | | itsourcecode College Management System class-result.php sql injection
Weaknesses | | CWE-74; CWE-89
References | |
Metrics | | cvssV2_0: {'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}; cvssV3_0: {'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}; cvssV3_1: {'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}; cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-04T21:18:39.678Z

Reserved: 2026-03-03T15:26:42.860Z

Link: CVE-2026-3487

Vulnrichment

Updated: 2026-03-04T21:18:36.127Z

NVD

Status: Analyzed

Published: 2026-03-03T22:16:29.850

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-3487

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T14:00:19Z
