CVE Catalog

CVE-2026-11531

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

10th percentile - higher than 10% of all known CVEs

Summary

A security flaw has been discovered in the imvks786 student management system that allows SQL injection attacks by manipulating the a_usr/a_pwd arguments in the admin/admin_login.php file. The attack can be carried out remotely.

Risk Assessment

This vulnerability may lead to unauthorized access to the database, posing a serious threat to the confidentiality of user data.

Recommendation

It is recommended to immediately update the system to the latest version and implement additional security measures to minimize the risk of an attack.

Original NVD description (English source)

A security flaw has been discovered in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/admin_login.php of the component Administrator Login Endpoint. Performing a manipulation of the argument a_usr/a_pwd results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS