CVE-2026-4236 - Vulnerability Details

Description

A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument txtsearch/deptname/name leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

Published: 2026-03-16

Score: 6.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability occurs in the index.php page of the Online Enrollment System when the view=add action processes input parameters. An attacker can supply crafted values for txtsearch, deptname, or name, causing the application to construct unsanitized SQL statements. This flaw permits arbitrary SQL injection, allowing the attacker to read, modify, or delete enrollment data stored in the database.

Affected Systems

Affected components include the vendor itsourcecode and its Online Enrollment System version 1.0. The issue is confined to the /enrollment/index.php script that handles the add view. No other versions or modules are reported to be impacted.

Risk and Exploitability

The severity rating is 6.9 on the CVSS scale, representing a moderate risk. Exploit probability is low, with a score under 1%. The flaw is not cataloged in the known exploited vulnerabilities list, indicating no known active exploitation. Nevertheless, the vulnerability can be triggered remotely without authentication, so a threat assessment should consider it a moderate but relevant risk for exposed deployments.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

itsourcecode

Online Enrollment System

affected

Version	Status	Constraints
`1.0`	affected	—

No data.

Vendor Product Confidence Versions

Itsourcecode

Online Student Enrollment System

90%

Version	Status	Scheme	Platform
`1.0`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply an official patch or update to the Online Enrollment System 1.0 from the vendor if available.
If no patch exists, restrict access to the /enrollment/index.php?view=add endpoint to authenticated users only and implement strict input validation, such as using prepared statements or parameterized queries to eliminate SQL injection.

Generated by OpenCVE AI on March 22, 2026 at 15:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00048.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
https://github.com/yuji0903/silver-guide/issues/10
https://github.com/yuji0903/silver-guide/issues/12
https://itsourcecode.com/
https://vuldb.com/?ctiid.351159
https://vuldb.com/?id.351159
https://vuldb.com/?submit.771239
https://vuldb.com/?submit.771241
https://vuldb.com/?submit.771242

History

Mon, 30 Mar 2026 08:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Itsourcecode Itsourcecode online Student Enrollment System
Vendors & Products		Itsourcecode Itsourcecode online Student Enrollment System

Mon, 16 Mar 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 16 Mar 2026 11:45:00 +0000

Type	Values Removed	Values Added
Description		A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument txtsearch/deptname/name leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
Title		itsourcecode Online Enrollment System index.php sql injection
Weaknesses		CWE-74 CWE-89
References		https://github.com/yuji0903/silver-guide/issues/10 https://github.com/yuji0903/silver-guide/issues/12 https://itsourcecode.com/ https://vuldb.com/?ctiid.351159 https://vuldb.com/?id.351159 https://vuldb.com/?submit.771239 https://vuldb.com/?submit.771241 https://vuldb.com/?submit.771242
Metrics		cvssV2_0 `{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Itsourcecode Online Student Enrollment System

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-16T11:32:09.033Z

Updated: 2026-03-16T18:55:03.627Z

Reserved: 2026-03-15T18:53:46.351Z

Link: CVE-2026-4236

Vulnrichment

Updated: 2026-03-16T18:53:25.907Z

NVD

Status : Awaiting Analysis

Published: 2026-03-16T14:20:17.960

Modified: 2026-03-16T14:53:07.390

Link: CVE-2026-4236

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T08:00:26Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object