CVE-2026-10227
7.3 HIGH
A vulnerability has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1
Published: 2026-06-01 · Last updated: 2026-06-03
Severity and scoring
- CVSS: 7.3 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- CWE: CWE-74, CWE-89
Description
A vulnerability has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file add_user_check.php of the component User Creation Handler. The manipulation of the argument role leads to SQL injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-10227
- [Other] https://github.com/raisulislamg4/student_management_system_by_php/
- [Other] https://github.com/raisulislamg4/student_management_system_by_php/issues/4
- [Other] https://vuldb.com/cve/CVE-2026-10227
- [Other] https://vuldb.com/submit/822819
- [Other] https://vuldb.com/vuln/367506
- [Other] https://vuldb.com/vuln/367506/cti
Related CVEs
Same CWE
- CVE-2026-52700 — Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions (8.5 HIGH)
- CVE-2026-52697 — Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions (8.5 HIGH)
- CVE-2026-52693 — Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions (9.3 CRITICAL)
- CVE-2026-49776 — Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 vers... (9.3 CRITICAL)
- CVE-2026-49067 — Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions (9.3 CRITICAL)