Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
itsourcecode College Management System: SQL Injection via Student Fee Input
CVE-2026-3486
Summary
The itsourcecode College Management System, version 1.0, has a security flaw in its student fee handling. This flaw allows an attacker to manipulate data in the system by entering malicious input, potentially leading to unauthorized access or changes. The vulnerability has been publicly disclosed, making it essential to update the system to a patched version to avoid potential exploitation.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| angeljudesuarez | college_management_system | 1.0 | – |
Original title
A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument roll_no l...
Original description
A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument roll_no leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
nvd CVSS2.0
5.8
nvd CVSS3.1
7.2
nvd CVSS4.0
5.1
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
- https://github.com/ltranquility/cve_submit/issues/7 Exploit Third Party Advisory Issue Tracking
- https://itsourcecode.com/ Product
- https://vuldb.com/?ctiid.348561 Permissions Required VDB Entry
- https://vuldb.com/?id.348561 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.765094 Third Party Advisory VDB Entry
Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026