Description
A flaw has been found in SourceCodester Online Admission System 1.0. It affects an unknown function of the file /programmes.php. Manipulating the argument program can lead to SQL injection. The attack can be launched remotely. The exploit has been published and may be used.
Published: 2026-03-24
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL Injection
Action: Apply Patch
AI Analysis

Impact

A flaw in the SourceCodester Online Admission System allows an attacker to inject arbitrary SQL code through the program parameter in programmes.php. The vulnerability is a classic SQL injection (CWE-74, CWE-89). Successful exploitation can lead to unauthorized read or modification of the database, potentially exposing sensitive student data or altering admission records.

Affected Systems

The affected product is SourceCodester Online Admission System version 1.0. No other versions were mentioned. Users running this specific version are at risk.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity. The ability to launch the exploit remotely, without requiring authentication, raises the likelihood of exploitation. Although EPSS data is not available and the vulnerability is not listed in CISA's KEV catalog, the publicly available exploit and the absence of mitigations suggest a high practical risk for systems that have not applied a patch or other defensive measures.

Generated by OpenCVE AI on March 24, 2026 at 04:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for official patch or newer version from SourceCodester and apply it promptly.
  • Implement input validation to properly sanitize the program argument before it is used in SQL queries.
  • Consider applying a Web Application Firewall rule to detect and block potential SQL injection patterns.



Advisories

No advisories yet.

History

Tue, 24 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester online Admission System
Vendors & Products Sourcecodester
Sourcecodester online Admission System

Tue, 24 Mar 2026 03:30:00 +0000

Type Values Removed Values Added
Description A flaw has been found in SourceCodester Online Admission System 1.0. This affects an unknown function of the file /programmes.php. Executing a manipulation of the argument program can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
Title SourceCodester Online Admission System programmes.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-24T13:24:16.006Z

Reserved: 2026-03-23T06:23:49.361Z

Link: CVE-2026-4625

Vulnrichment

Updated: 2026-03-24T13:24:08.724Z

NVD

Status: Awaiting Analysis

Published: 2026-03-24T04:17:14.917

Modified: 2026-03-24T15:53:48.067

Link: CVE-2026-4625

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T20:40:27Z
