{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-1551","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2026-01-28T16:56:52.080Z","datePublished":"2026-01-28T23:32:15.865Z","dateUpdated":"2026-02-23T09:03:14.332Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-02-23T09:03:14.332Z"},"title":"itsourcecode School Management System controller.php sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"SQL Injection"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-74","lang":"en","description":"Injection"}]}],"affected":[{"vendor":"itsourcecode","product":"School Management System","versions":[{"version":"1.0","status":"affected"}],"cpes":["cpe:2.3:a:itsourcecode:school_management_system:*:*:*:*:*:*:*:*"]}],"descriptions":[{"lang":"en","value":"A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2026-01-28T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2026-01-28T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2026-02-04T03:14:37.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"0cat (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.343247","name":"VDB-343247 | itsourcecode School Management System controller.php sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.343247","name":"VDB-343247 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.740644","name":"Submit #740644 | itsourcecode  School Management System  V1.0 SQL Injection","tags":["third-party-advisory"]},{"url":"https://vuldb.com/?submit.740680","name":"Submit #740680 | itsourcecode School Management System v1.0 SQL Injection (Duplicate)","tags":["third-party-advisory"]},{"url":"https://mega.nz/file/6cVwiA5A#BVwaxWlfeQCkkpHnuxPiMDZVb5qcYrsI6ftqdm_8mGk","tags":["exploit"]},{"url":"https://itsourcecode.com/","tags":["product"]}],"tags":["x_freeware"]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-29T15:57:34.979343Z","id":"CVE-2026-1551","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-29T16:53:34.111Z"}}]}}