Description
A weakness has been identified in itsourcecode sanitize or validate this input 1.0. Affected is an unknown function of the file /admin/teacher-attendance.php. Executing a manipulation of the argument teacher_id can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
Published: 2026-03-08
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Patch promptly
AI Analysis

Impact

A flaw in the teacher-attendance.php page lets an attacker manipulate the teacher_id parameter so that arbitrary SQL commands are executed against the database. This injection can read, modify, or delete records, compromising student attendance data and potentially granting broader database access. The weakness is an SQL injection problem that permits the execution of unintended queries.

Affected Systems

The vulnerability affects version 1.0 of the College Management System developed by itsourcecode, specifically the admin module handling teacher attendance. No other releases are documented as affected, and the issue resides in an internal component of the system.

Risk and Exploitability

The vulnerability carries a moderate severity rating and an exploitation probability that is currently low. It is not included in the CISA Known Exploited Vulnerabilities inventory. An attacker could launch the exploit remotely through a web request that targets the teacher_id field, provided they have sufficient access to the admin interface or can craft a request that reaches the missing validation.

Generated by OpenCVE AI on April 17, 2026 at 11:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the College Management System to a patched release once available from itsourcecode.
  • Modify teacher-attendance.php to bind the teacher_id parameter using prepared statements or stored procedures, ensuring user input is never directly concatenated into SQL queries.
  • Limit access to the /admin/teacher-attendance.php endpoint to authenticated administrative users and enforce strict validation of the teacher_id input, rejecting any non-numeric values.
  • Deploy a web application firewall rule that detects and blocks common SQL injection payloads in incoming requests.
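
The second and third recommendations, sketched as an added example (not code from the affected application or from OpenCVE). The table and column names, the helper function names and the in-memory SQLite database are assumptions made so the snippet runs on its own with PHP 8 and the pdo_sqlite extension; the real schema is not on this page.

```php
<?php
declare(strict_types=1);

// Constructed stand-in database; table and column names are hypothetical.
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE teacher_attendance (teacher_id INTEGER, day TEXT, status TEXT)');
    $pdo->exec("INSERT INTO teacher_attendance VALUES
        (1, '2026-03-02', 'present'), (2, '2026-03-02', 'absent')");
    return $pdo;
}

// Strict validation: accept only a string of 1-9 ASCII digits that is > 0.
// The length cap keeps the value inside a 32-bit integer; arrays, empty
// strings, signs, whitespace and anything non-numeric are rejected.
function parse_teacher_id(mixed $raw): ?int {
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

// The query text is constant; teacher_id reaches the database only as a
// bound integer parameter, never as part of the SQL string.
function attendance_for(PDO $pdo, mixed $rawTeacherId): array {
    $id = parse_teacher_id($rawTeacherId);
    if ($id === null) {
        throw new InvalidArgumentException('teacher_id must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT day, status FROM teacher_attendance WHERE teacher_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_GET['teacher_id'] / $_POST['teacher_id'].
$pdo = demo_db();
foreach (['1', '2', '1 OR 1=1', '', ['1']] as $input) {
    try {
        $rows = attendance_for($pdo, $input);
        printf("%s -> %d row(s)\n", json_encode($input), count($rows));
    } catch (InvalidArgumentException $e) {
        printf("%s -> rejected: %s\n", json_encode($input), $e->getMessage());
    }
}
```

In a request handler the rejected case would map to an HTTP 400 response, and the call would sit behind the admin session check named in the third recommendation.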

Advisories

No advisories yet.

History

Tue, 10 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Mar 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Angeljudesuarez
Angeljudesuarez college Management System
CPEs cpe:2.3:a:angeljudesuarez:college_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products Angeljudesuarez
Angeljudesuarez college Management System

Mon, 09 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Itsourcecode
Itsourcecode sanitize Or Validate This Input
Vendors & Products Itsourcecode
Itsourcecode sanitize Or Validate This Input

Sun, 08 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in itsourcecode sanitize or validate this input 1.0. Affected is an unknown function of the file /admin/teacher-attendance.php. Executing a manipulation of the argument teacher_id can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
Title itsourcecode sanitize or validate this input teacher-attendance.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-10T20:40:46.674Z

Reserved: 2026-03-07T20:51:48.217Z

Link: CVE-2026-3767

Vulnrichment

Updated: 2026-03-10T20:40:42.729Z

NVD

Status : Analyzed

Published: 2026-03-08T21:15:51.047

Modified: 2026-03-10T18:57:52.820

Link: CVE-2026-3767

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T12:00:11Z
