Description
itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter.
Published: 2026-04-10
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Data Access and Potential Integrity Compromise
Action: Immediate Patch
AI Analysis

Impact

The Online Student Enrollment System v1.0 contains an unsanitized SQL query in newCourse.php that accepts user-provided input via the 'coursename' parameter. This flaw allows an attacker to inject arbitrary SQL statements, potentially extracting confidential enrollment data, modifying records, or in worst cases executing commands that could compromise the underlying database. The vulnerability maps to CWE‑89 and carries a CVSS score of 9.8, reflecting a high impact and ease of exploitation.

Affected Systems

The affected product is the Online Student Enrollment System by itsourcecode, version 1.0. No other versions or vendor variants are listed, so the risk is confined to installations of this specific release.

Risk and Exploitability

With an EPSS score below 1% and not yet in the CISA KEV catalog, widespread exploitation is currently unlikely. Nevertheless, the flaw can be triggered remotely by sending a crafted HTTP request to newCourse.php. Once the 'coursename' field is exploited, an attacker can read, alter, delete, or insert data in the database, leading to confidentiality, integrity, and availability issues.

Generated by OpenCVE AI on April 14, 2026 at 18:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply vendor patch when released
  • Sanitize the 'coursename' input using prepared statements or parameterized queries
  • Implement a web application firewall to block SQL injection patterns
  • Monitor application logs for suspicious activity

Generated by OpenCVE AI on April 14, 2026 at 18:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Title SQL Injection in Enrollment System Courses Feature

Tue, 14 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:itsourcecode:online_student_enrollment_system:1.0:*:*:*:*:*:*:*

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title SQL Injection Vulnerability in Online Student Enrollment System v1.0

Tue, 14 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title SQL Injection Vulnerability in Online Student Enrollment System v1.0
Weaknesses CWE-89

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Itsourcecode
Itsourcecode online Student Enrollment System
Vendors & Products Itsourcecode
Itsourcecode online Student Enrollment System

Fri, 10 Apr 2026 14:45:00 +0000

Type Values Removed Values Added
Description itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter.
References

Subscriptions

Itsourcecode Online Student Enrollment System
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T14:02:19.446Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36234

cve-icon Vulnrichment

Updated: 2026-04-14T14:02:13.445Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-10T15:16:24.953

Modified: 2026-04-14T17:40:46.070

Link: CVE-2026-36234

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T16:00:07Z

Weaknesses