CVE-2026-9474
HighSummary
A vulnerability was found in yashpokharna2555 StudentManagementSystem affecting the confirm_logged_in function in /studentdel.php. Manipulation of the ID argument results in SQL injection, allowing for remote attacks.
Risk Assessment
This vulnerability poses a serious risk to data security as it allows attackers to execute malicious SQL queries remotely on the database.
Recommendation
It is recommended to immediately update the system and implement appropriate security measures to prevent SQL injections. Additionally, the system should be monitored for unauthorized activities.
Original NVD description (English source)
A vulnerability was found in yashpokharna2555 StudentManagementSystem up to cb2f558ddf8d19396de0f92abf2d224d46a0a203. Affected by this issue is the function confirm_logged_in of the file /studentdel.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.

