Description
A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0. This issue affects some unknown processing of the file /admin/modules/class/index.php?view=view. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Published: 2026-05-26
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Student Transcript Processing System version 1.0 contains a vulnerability where the ID argument of the URL /admin/modules/class/index.php?view=view is improperly validated. This flaw allows an attacker to inject arbitrary SQL statements; the vulnerability is a classic SQL injection (CWE-89). The flaw is exploitable remotely via HTTP GET parameters, and the attacker need only send crafted requests to the vulnerable endpoint.

Affected Systems

The vendor is itsourcecode, and the affected product is the Student Transcript Processing System, specifically version 1.0. No additional affected versions are listed in the available data.

Risk and Exploitability

The CVSS score of 6.9 classifies this flaw as a medium severity issue. EPSS information is not provided, so the public exploitation probability is unknown, but the vulnerability is publicly disclosed and could be exploited by anyone with internet access. It is not listed in CISA’s KEV catalog, suggesting no confirmed exploit in the wild yet. The attack vector is remote, relying solely on manipulating HTTP GET parameters; an attacker need only send crafted requests to the vulnerable endpoint to execute malicious SQL.

Generated by OpenCVE AI on May 26, 2026 at 20:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest version of the Student Transcript Processing System, which contains the vendor‑provided fix for the SQL injection flaw.
  • If an upgrade is not immediately possible, restrict direct web access to /admin/modules/class/index.php and enforce strict input validation or parameterized queries for the ID parameter to neutralize injection attempts.
  • Deploy a web application firewall or intrusion detection system configured to block SQL injection patterns targeting the ID parameter, as an additional layer of defense in depth.

Advisories

No advisories yet.

History

Tue, 26 May 2026 19:45:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0. This issue affects some unknown processing of the file /admin/modules/class/index.php?view=view. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Title | | itsourcecode Student Transcript Processing System index.php sql injection
First Time appeared | | Itsourcecode; Itsourcecode student Transcript Processing System
Weaknesses | | CWE-74; CWE-89
CPEs | | cpe:2.3:a:itsourcecode:student_transcript_processing_system:*:*:*:*:*:*:*:*
Vendors & Products | | Itsourcecode; Itsourcecode student Transcript Processing System
References | |
Metrics | | cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-26T19:30:12.092Z

Reserved: 2026-05-26T12:43:25.104Z

Link: CVE-2026-9575

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-05-26T20:16:21.823

Modified: 2026-05-26T20:19:21.240

Link: CVE-2026-9575

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T21:00:13Z

Weaknesses