Description
A vulnerability was detected in itsourcecode Student Transcript Processing System 1.0. It affects an unknown part of the file /admin/modules/student/index.php?view=view. Manipulating the argument studentId results in SQL injection. The attack can be initiated remotely. The exploit is now public and may be used.
Published: 2026-05-26
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows attackers to inject arbitrary SQL through the studentId parameter in the admin modules student view page. By manipulating this argument, malicious actors can read, modify or delete database content. This could expose sensitive student records, compromising confidentiality and potentially allowing broader data tampering.

Affected Systems

The affected product is itsourcecode Student Transcript Processing System version 1.0. The flaw resides in /admin/modules/student/index.php?view=view, a component of the system's administrative interface. No other versions or products are known to be impacted.

Risk and Exploitability

The CVSS score of 6.9 classifies the issue as Medium severity. EPSS is not available, and the vulnerability is not yet listed in the CISA KEV catalog. The attack vector is remote, exploiting a publicly accessible web form. Publicly disclosed exploits exist, suggesting that attackers could readily target vulnerable instances, especially if access controls are weak.

Generated by OpenCVE AI on May 26, 2026 at 20:23 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade the Student Transcript Processing System to a release that contains the fixed code.
  • Apply strict authentication controls so that only authorized personnel can access the student module and limit exposure of the studentId parameter.
  • Refactor the affected code to use prepared statements or parameterized queries for the studentId input, eliminating injection opportunities.


Advisories

No advisories yet.

History

Tue, 26 May 2026 19:45:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was detected in itsourcecode Student Transcript Processing System 1.0. This affects an unknown part of the file /admin/modules/student/index.php?view=view. Performing a manipulation of the argument studentId results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.
Title | | itsourcecode Student Transcript Processing System index.php sql injection
First Time appeared | | Itsourcecode; Itsourcecode student Transcript Processing System
Weaknesses | | CWE-74; CWE-89
CPEs | | cpe:2.3:a:itsourcecode:student_transcript_processing_system:*:*:*:*:*:*:*:*
Vendors & Products | | Itsourcecode; Itsourcecode student Transcript Processing System
References | |
Metrics | | cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-26T19:00:13.477Z

Reserved: 2026-05-26T12:43:20.089Z

Link: CVE-2026-9573

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-05-26T20:16:21.503

Modified: 2026-05-26T20:19:21.240

Link: CVE-2026-9573

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T20:30:15Z
