Description
A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/grades/index.php?view=edit&id=1 of the component Parameter Handler. The manipulation of the argument deptid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
Published: 2026-03-26
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL Injection
Action: Patch
AI Analysis

Impact

A remote SQL injection vulnerability exists in the itsourcecode Online Enrollment System 1.0. The deptid argument in /sms/grades/index.php can be manipulated to inject SQL statements. Attackers could read, modify, or delete data stored in the database, thereby compromising the confidentiality, integrity, and availability of student records. The flaw stems from improper handling of user input, corresponding to weaknesses in input filtering and query composition (CWE-74, CWE-89).

Affected Systems

The vulnerability affects the Online Enrollment System version 1.0 provided by itsourcecode. The specific affected file is the Parameter Handler component located at /sms/grades/index.php. No other versions are listed, so remediation should focus on this release.

Risk and Exploitability

The reported CVSS 4.0 score of 6.9 signals a medium to high risk, while the EPSS probability estimate below 1% suggests exploitation is unlikely under normal circumstances. The flaw is not recorded in the Known Exploited Vulnerabilities (KEV) catalog, yet it can be triggered remotely through standard HTTP requests. An attacker who can reach the vulnerable endpoint could craft a deptid value that executes arbitrary SQL commands, provided no additional network or application restrictions exist.

Generated by OpenCVE AI on March 28, 2026 at 06:16 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑provided update that removes the vulnerable handling of the deptid parameter in /sms/grades/index.php.
  • Enforce strict validation of deptid input, allowing only numeric values and rejecting all other characters.
  • Configure the database user employed by the application with the minimal privileges required for normal operation.
  • Restrict network access to the administration area that contains the vulnerable endpoint, permitting only trusted hosts.
  • Deploy a web application firewall rule that monitors and blocks suspicious SQL injection patterns targeting the deptid parameter.
  • Monitor application and database logs for abnormal query activity and unauthorized modifications.
  • Check the vendor’s website or support channels for additional security advisories or patches.
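
As an added illustration of the validation and log-monitoring actions above (not code from OpenCVE or the vendor): a digits-only allow-list for deptid, applied to web access-log lines for /sms/grades/index.php. It assumes Combined Log Format and that deptid arrives in the query string, which the advisory does not state; the function names and sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

VULN_PATH = "/sms/grades/index.php"   # endpoint named in the advisory
PARAM = "deptid"                      # parameter named in the advisory
NUMERIC = re.compile(r"[0-9]{1,10}")  # allow-list: ASCII digits only (length bound is an assumption)

# Request part of a Common/Combined Log Format line: "METHOD target PROTOCOL"
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')


def is_valid_deptid(value: str) -> bool:
    """Allow-list check: the whole value must be ASCII digits, nothing else."""
    return NUMERIC.fullmatch(value) is not None


def suspicious_requests(lines):
    """Return (client_ip, decoded deptid) for requests to the endpoint with a non-numeric deptid."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != VULN_PATH:
            continue
        # parse_qs percent-decodes values; keep_blank_values so "deptid=" is checked too
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not is_valid_deptid(value):
                hits.append((m.group("ip"), value))
    return hits


# Constructed sample log lines (not from a real system)
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Mar/2026:10:00:01 +0000] "GET /sms/grades/index.php?view=edit&id=1&deptid=3 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [26/Mar/2026:10:02:17 +0000] "GET /sms/grades/index.php?view=edit&id=1&deptid=3%27 HTTP/1.1" 500 310',
    '192.0.2.44 - - [26/Mar/2026:10:02:19 +0000] "GET /sms/grades/index.php?view=edit&id=1&deptid=abc HTTP/1.1" 200 5120',
    '192.0.2.10 - - [26/Mar/2026:10:05:00 +0000] "GET /sms/index.php?deptid=x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"non-numeric {PARAM} from {ip}: {value!r}")
```

The same digits-only check belongs in the application before the value reaches any query; values sent in a POST body do not appear in access logs and need application-level logging instead.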


Advisories

No advisories yet.

History

Sat, 28 Mar 2026 03:15:00 +0000

Type: Description
Values Removed: A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/grades/index.php?view=edit&id=1 of the component Parameter Handler. The manipulation of the argument deptid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Values Added: A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/grades/index.php?view=edit&id=1 of the component Parameter Handler. The manipulation of the argument deptid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

Thu, 26 Mar 2026 19:15:00 +0000

Type: Metrics
Values Added:
ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 12:00:00 +0000

Type: First Time appeared
Values Added: Itsourcecode; Itsourcecode online Enrollment System

Type: Vendors & Products
Values Added: Itsourcecode; Itsourcecode online Enrollment System

Thu, 26 Mar 2026 05:15:00 +0000

Type: Description
Values Added: A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/grades/index.php?view=edit&id=1 of the component Parameter Handler. The manipulation of the argument deptid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. VulDB is the best source for vulnerability data and more expert information about this specific topic.

Type: Title
Values Added: itsourcecode Online Enrollment System Parameter index.php sql injection

Type: Weaknesses
Values Added: CWE-74, CWE-89

Type: References

Type: Metrics
Values Added:
cvssV2_0
{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
cvssV3_0
{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV3_1
{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV4_0
{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-27T22:24:23.182Z

Reserved: 2026-03-25T14:42:23.768Z

Link: CVE-2026-4842

Vulnrichment

Updated: 2026-03-26T18:24:40.528Z

NVD

Status: Deferred

Published: 2026-03-26T05:16:41.303

Modified: 2026-04-24T16:35:20.070

Link: CVE-2026-4842

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-29T20:28:03Z

Weaknesses