Description
A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/time-table.php. Such manipulation of the argument course_code leads to SQL injection. The attack can be launched remotely. The exploit is publicly available and might be used.
Published: 2026-03-16
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL Injection
Action: Patch
AI Analysis

Impact

The vulnerability exists in itsourcecode College Management System 1.0 within an unknown function in /admin/time-table.php. Manipulation of the course_code argument allows SQL injection, enabling an attacker to execute arbitrary SQL commands against the database. This can lead to unauthorized data access, modification, or deletion. The attack is launched remotely and an exploit is publicly available.

Affected Systems

Affected systems include the College Management System from itsourcecode, version 1.0. No additional versions or product variants are listed.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while EPSS is not reported and the vulnerability is not listed in CISA’s KEV catalog. The attack vector is remote, and because the exploitation code is publicly accessible, there is a realistic chance of exploitation. The overall risk is moderate but warrants timely remediation.

Generated by OpenCVE AI on March 17, 2026 at 11:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch or upgrade College Management System.
  • If no patch is available, restrict access to /admin/time-table.php to authenticated users only.
  • Implement input validation and parameterized queries to prevent SQL injection.
  • Monitor application logs for abnormal SQL activity.
  • Check the vendor’s website for further updates.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Itsourcecode; Itsourcecode college Management System
Vendors & Products | | Itsourcecode; Itsourcecode college Management System

Mon, 16 Mar 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 16 Mar 2026 14:15:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/time-table.php. Such manipulation of the argument course_code leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
Title | | itsourcecode College Management System time-table.php sql injection
Weaknesses | | CWE-74; CWE-89
References | |
Metrics | | cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
Metrics | | cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
Metrics | | cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
Metrics | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-16T14:22:43.818Z

Reserved: 2026-03-15T20:42:51.881Z

Link: CVE-2026-4241

Vulnrichment

Updated: 2026-03-16T14:22:33.081Z

NVD

Status: Awaiting Analysis

Published: 2026-03-16T14:20:19.230

Modified: 2026-03-16T14:53:07.390

Link: CVE-2026-4241

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:44:29Z

Weaknesses