PatchSiren cyber security CVE debrief

CVE-2026-11530 imvks786 CVE debrief

A SQL injection vulnerability was identified in the student_management_system up to version 9599b560ad3c3b83e75d328b76bedcd489ef1f46. The vulnerability affects an unknown function of the file /index.php of the component Login. Manipulation of the argument usr/pwd leads to SQL injection. The attack can be executed remotely. The exploit is publicly available and might be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.

Vendor: imvks786
Product: student_management_system
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-08
Original CVE updated: 2026-06-09
Advisory published: 2026-06-08
Advisory updated: 2026-06-09

Who should care

Administrators and users of the student_management_system up to version 9599b560ad3c3b83e75d328b76bedcd489ef1f46 should be aware of this vulnerability and take necessary precautions to prevent exploitation.

Technical summary

The vulnerability has a CVSS score of 5.5 and a severity of MEDIUM. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. The weakness is classified as CWE-74 and CWE-89.

Defensive priority

MEDIUM

Recommended defensive actions

  • Update to the latest version of student_management_system if available.
  • Implement input validation and sanitization to prevent SQL injection attacks.
  • Monitor the system for suspicious activity and implement additional security measures as necessary.
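
For CWE-89 in a login form, the primary control is a parameterized query, with input checks as defence in depth. The PHP below is an added example, not code from student_management_system: the users table and its columns, the find_user helper and the in-memory SQLite demo data are assumptions; only the usr and pwd parameter names come from the advisory.

```php
<?php
declare(strict_types=1);

// Assumed schema (not taken from the project): users(id, username, password_hash).
// find_user is a hypothetical helper name used for this example only.
function find_user(PDO $db, string $usr, string $pwd): ?array
{
    // Length checks are defence in depth, not the injection fix itself.
    if ($usr === '' || strlen($usr) > 64 || strlen($pwd) > 256) {
        return null;
    }
    // The placeholder keeps usr out of the SQL grammar: it is bound as data.
    $stmt = $db->prepare(
        'SELECT id, username, password_hash FROM users WHERE username = :usr'
    );
    $stmt->execute([':usr' => $usr]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // pwd never enters the query; it is checked against the stored hash.
    if ($row === false || !password_verify($pwd, $row['password_hash'])) {
        return null;
    }
    return ['id' => (int)$row['id'], 'username' => $row['username']];
}

// Constructed demo data in an in-memory SQLite database so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// In a login handler these values would come from $_POST['usr'] and $_POST['pwd'].
$cases = [
    ['alice', 'correct horse'],  // valid credentials
    ['alice', 'wrong'],          // wrong password
    ["alice'", 'correct horse'], // a quote character is matched as literal text
];
foreach ($cases as [$usr, $pwd]) {
    $user = find_user($db, $usr, $pwd);
    printf("%-8s => %s\n", $usr, $user !== null ? 'authenticated' : 'rejected');
}
```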

Evidence notes

The vulnerability was reported through an issue report and the project has not responded yet. The exploit is publicly available and might be used.

Official resources

CVE-2026-11530 was published on 2026-06-08T17:16:40.017Z and modified on 2026-06-09T01:34:33.987Z.