CVE-2026-1589
BaseFortify
Publication date: 2026-01-29
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| angeljudesuarez | school_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1589 is a SQL injection vulnerability in itsourcecode School Management System version 1.0, specifically in the /ramonsys/inquiry/index.php file. It occurs because the application does not properly sanitize the 'txtsearch' parameter, allowing attackers to inject malicious SQL code remotely without authentication. This can lead to unauthorized database queries and manipulation. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to remotely execute arbitrary SQL commands on your database without authentication. This can compromise the confidentiality, integrity, and availability of your system's data, potentially leading to data leakage, unauthorized data modification, or denial of service. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the 'txtsearch' parameter in the /ramonsys/inquiry/index.php file for SQL injection. One approach is to send crafted HTTP requests with SQL injection payloads in the 'txtsearch' parameter and observe the responses for SQL errors or unexpected behavior. Additionally, Google Dorking can be used to identify vulnerable targets by searching for 'inurl:ramonsys/inquiry/index.php'. Specific commands could include using curl or tools like sqlmap to test the parameter remotely, for example: curl -G 'http://target/ramonsys/inquiry/index.php' --data-urlencode "txtsearch=' OR '1'='1". Automated tools like sqlmap can be run as: sqlmap -u "http://target/ramonsys/inquiry/index.php?txtsearch=test" --batch --dbs to detect SQL injection vulnerabilities. [1]
What immediate steps should I take to mitigate this vulnerability?
There are no known countermeasures or patches available for this vulnerability at the time of disclosure. The recommended immediate step is to replace the affected product with an alternative solution. Until a patch or fix is available, restricting access to the vulnerable endpoint, implementing web application firewalls (WAF) to detect and block SQL injection attempts, and monitoring for suspicious activity are advisable mitigation steps. [1]