CVE-2026-2073

7.3 HIGH

Published 2026-02-07 · Modified 2026-02-09 · Awaiting Analysis

Quick Summary

A critical SQL injection vulnerability exists in the itsourcecode School Management System 1.0, specifically in the user management page. Attackers can remotely manipulate the 'ID' parameter to interfere with the database, potentially stealing or altering sensitive school data.

Who is affected

All deployments of itsourcecode School Management System 1.0 are affected. An attacker could gain unauthorized access to the database, leading to data theft, modification, or deletion of student, staff, and system information.

Recommended fix

Immediately apply any official patch from the vendor. If none is available, consider disabling or restricting access to the /ramonsys/user/index.php file, and use parameterized queries or input validation so that the 'ID' parameter can never be interpreted as SQL.
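A sketch of the parameterized-query and input-validation fix described above, added here as an illustration; it is not the vendor's code or an official patch. The `users` table, its columns, and the functions `parse_id` and `find_user_by_id` are hypothetical, and an in-memory SQLite database stands in for the application's real database so the script runs offline.

```php
<?php
// Added illustration, not the vendor's code. Table, column and function
// names are hypothetical; the sample rows and inputs are constructed.
declare(strict_types=1);

function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
    $pdo->exec("INSERT INTO users VALUES (1, 'alice', 'admin'), (2, 'bob', 'teacher')");
    return $pdo;
}

// Allow-list validation: accept only a plain positive decimal string.
// Arrays (from ID[]=...), signs, whitespace and trailing text are rejected.
function parse_id($raw): ?int
{
    if (!is_string($raw) || preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

function find_user_by_id(PDO $pdo, $rawId): ?array
{
    $id = parse_id($rawId);
    if ($id === null) {
        return null; // rejected before any query is built
    }
    // The SQL text is constant; the value travels separately as a bound
    // integer, so it cannot change the structure of the statement.
    $stmt = $pdo->prepare('SELECT id, name, role FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request values: one valid ID, malformed IDs, and an unknown ID.
$pdo = make_demo_db();
foreach (['2', '2 OR 1=1', "2'", '', ['2'], '99'] as $raw) {
    $row = find_user_by_id($pdo, $raw);
    printf("%-12s => %s\n", json_encode($raw), $row ? $row['name'] : 'rejected or not found');
}
```

Validation and binding are layered on purpose: the allow-list turns malformed requests into a clean rejection that can be logged, while the bound parameter keeps the query safe even if the validation is later loosened.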

Technical Description

A vulnerability was found in itsourcecode School Management System 1.0. It affects an unknown function of the file /ramonsys/user/index.php. Manipulating the argument ID can lead to SQL injection. The attack can be performed remotely. The exploit has been publicly disclosed and may be used.

CVSS Details

Attack Vector: NETWORK

Complexity: LOW

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-89, CWE-74
