CVE-2026-11531
HIGHimvks786 student_management_system Administrator Login Endpoint admin_login.php sql injection
Title source: cnaDescription
A security flaw has been discovered in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/admin_login.php of the component Administrator Login Endpoint. Performing a manipulation of the argument a_usr/a_pwd results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.
References (6)
Core 6
Core References
Exploit exploit
issue-tracking
https://github.com/imvks786/student_management_system/issues/2
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-369148 | imvks786 student_management_system Administrator Login Endpoint admin_login.php sql injection
https://vuldb.com/vuln/369148
Signature, Permissions Required signature
permissions-required
VDB-369148 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/369148/cti
Third Party Advisory third-party-advisory
CVE-2026-11531 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-11531
Third Party Advisory third-party-advisory
Submit #836633 | imvks786 student_management_system 1.0 SQL Injection
https://vuldb.com/submit/836633
Product product
https://github.com/imvks786/student_management_system/
Scores
CVSS v3
7.3
EPSS
0.0033
EPSS Percentile
24.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-74
CWE-89
Status
published
Products (1)
imvks786/student_management_system
9599b560ad3c3b83e75d328b76bedcd489ef1f46
Published
Jun 08, 2026
Tracked Since
Jun 08, 2026