CVE-2026-0544
BaseFortify
Publication date: 2026-01-01
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| itsourcecode | school_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-0544 is a SQL injection vulnerability in the itsourcecode School Management System version 1.0, specifically in the /student/index.php file. The vulnerability occurs because the application does not properly sanitize or validate the 'ID' parameter, allowing an attacker to manipulate SQL queries by injecting malicious SQL code. This flaw enables remote attackers to execute unauthorized SQL commands without authentication. [2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing remote attackers to execute unauthorized SQL commands on your database, potentially compromising the confidentiality, integrity, and availability of your system. Attackers can manipulate or retrieve sensitive data, alter or delete records, and disrupt normal operations without needing any authentication. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable endpoint `/student/index.php` in the itsourcecode School Management System 1.0 and testing the `ID` parameter for SQL injection. One method to identify potentially vulnerable targets is using Google dorking with the query `inurl:student/index.php`. For direct testing, you can use tools like sqlmap or manual curl commands to inject SQL payloads into the `ID` parameter and observe the response for SQL errors or unexpected behavior. Example command using curl: `curl 'http://target.com/student/index.php?ID=1'` and then try SQL injection payloads such as `1' OR '1'='1` to see if the system is vulnerable. [2]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations have been documented for this vulnerability. The suggested immediate step is to replace the affected product with an alternative solution that does not have this vulnerability. Additionally, as a temporary measure, restricting access to the vulnerable endpoint and monitoring for suspicious activity may help reduce risk until a secure version or alternative is deployed. [2]