PatchSiren


CVE-2026-11531 imvks786 CVE debrief

A SQL injection vulnerability has been discovered in the student_management_system up to version 9599b560ad3c3b83e75d328b76bedcd489ef1f46. The vulnerability affects an unknown function of the file admin/admin_login.php of the Administrator Login Endpoint. An attacker can manipulate the argument a_usr/a_pwd to inject malicious SQL code, allowing for remote exploitation. The exploit has been publicly released and may be used for attacks. The product adopts a rolling release strategy, making it difficult to specify affected or updated versions.

Vendor: imvks786
Product: student_management_system
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-08
Original CVE updated: 2026-06-09
Advisory published: 2026-06-08
Advisory updated: 2026-06-09

Who should care

Administrators and users of the student_management_system up to version 9599b560ad3c3b83e75d328b76bedcd489ef1f46 should be aware of this vulnerability and take necessary precautions to prevent exploitation.

Technical summary

The vulnerability has a CVSS score of 5.5 and a severity of MEDIUM. It can be exploited remotely, and the attack vector is NETWORK. The vulnerability is caused by a lack of proper input validation in the admin/admin_login.php file, allowing an attacker to inject malicious SQL code.

Defensive priority

MEDIUM

Recommended defensive actions

  • Update to the latest version of the student_management_system, if available.
  • Implement proper input validation and sanitization in the admin/admin_login.php file.
  • Use prepared statements to prevent SQL injection attacks.
  • Monitor the system for suspicious activity and implement additional security measures as needed.
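
The prepared-statement recommendation above, as an added example that is not the project's own code: a login check that binds the a_usr value as a parameter and verifies a_pwd against a stored hash. The function name, the `admin` table, its columns and the sample data are assumptions made for this illustration; the project's real schema is not shown on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical hardened login check (not taken from student_management_system).
// Assumed schema: admin(username TEXT, pwd_hash TEXT).
function admin_login(PDO $db, string $user, string $pwd): bool
{
    // Basic input validation: reject empty or oversized values early.
    if ($user === '' || strlen($user) > 64 || strlen($pwd) > 256) {
        return false;
    }
    // The user name is bound to a placeholder, so it is handled as data
    // and never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT pwd_hash FROM admin WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();
    // The password never enters the query; it is compared to a stored hash.
    return is_string($hash) && password_verify($pwd, $hash);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (username TEXT PRIMARY KEY, pwd_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO admin (username, pwd_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// In admin/admin_login.php these pairs would come from the request
// parameters a_usr and a_pwd. All values below are constructed.
$cases = [
    'valid credentials'        => ['admin', 'correct horse'],
    'wrong password'           => ['admin', 'guess'],
    'quotes and comment chars' => ["a'dmin\"; --", "x' \" ;"],
    'oversized user name'      => [str_repeat('a', 200), 'x'],
];

foreach ($cases as $label => [$a_usr, $a_pwd]) {
    $ok = admin_login($db, $a_usr, $a_pwd);
    printf("%-26s => %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

Only the first case is accepted. The input containing quote and comment characters is looked up as a literal user name, matches no row, and is rejected without altering the query.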

Evidence notes

The vulnerability was discovered and reported to the project, but a response has not been received yet. The exploit has been publicly released, and the product's rolling release strategy makes it challenging to determine affected or updated versions.

Official resources

CVE-2026-11531 was published on 2026-06-08T17:16:40.200Z and modified on 2026-06-09T17:17:01.527Z.