CVE-2017-20196

MEDIUM

Itechscripts School Management Software 2.75 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-20196. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary This is a writeup describing a SQL injection vulnerability in School Management Software v2.75. It provides a Google dork and a vulnerable endpoint but lacks executable exploit code.

Description

A vulnerability was found in Itechscripts School Management Software 2.75. It has been classified as critical. This affects an unknown part of the file /notice-edit.php. The manipulation of the argument aid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

exploitdb WRITEUP
by Ihsan Sencan · textwebappsphp
https://www.exploit-db.com/exploits/41034

This is a writeup describing a SQL injection vulnerability in School Management Software v2.75. It provides a Google dork and a vulnerable endpoint but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: School Management Software v2.75
No auth needed
Prerequisites: access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.95307
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/41034/
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/41034
Permissions Required, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.95307

Scores

CVSS v3 6.3
EPSS 0.0037
EPSS Percentile 28.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-74 CWE-89
Status published
Products (1)
Itechscripts/School Management Software 2.75
Published Jan 26, 2025
Tracked Since Feb 18, 2026