CVE-2019-11196

CRITICAL

ValuePLUS Integrated University Management System - SQLi Auth Bypass via Teachers Panel

Title source: llm
STIX 2.1

Description

An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management System (IUMS) allows unauthenticated, remote attackers to gain administrator privileges via the Teachers Web Panel (TWP) User ID or Password field. If exploited, the attackers could perform any actions with administrator privileges (e.g., enumerate/delete all the students' personal information or modify various settings).

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://blog.ziaurrashid.com/sql-injection-auth-bypass-on-iums/

Scores

CVSS v3 9.8
EPSS 0.0627
EPSS Percentile 92.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
vpcsbd/integrated_university_management_system
Published Apr 12, 2019
Tracked Since Feb 18, 2026