CVE-2019-11196
CRITICALValuePLUS Integrated University Management System - SQLi Auth Bypass via Teachers Panel
Title source: llmDescription
An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management System (IUMS) allows unauthenticated, remote attackers to gain administrator privileges via the Teachers Web Panel (TWP) User ID or Password field. If exploited, the attackers could perform any actions with administrator privileges (e.g., enumerate/delete all the students' personal information or modify various settings).
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://blog.ziaurrashid.com/sql-injection-auth-bypass-on-iums/
Scores
CVSS v3
9.8
EPSS
0.0627
EPSS Percentile
92.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
vpcsbd/integrated_university_management_system
Published
Apr 12, 2019
Tracked Since
Feb 18, 2026