Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by raisulislamg4
CVE-2026-10228 (GCVE-0-2026-10228)
Vulnerability from cvelistv5 – Published: 2026-06-01 05:30 – Updated: 2026-06-01 13:15
VLAI
Title
raisulislamg4 student_management_system_by_php admission_form_check.php cross site scripting
Summary
A vulnerability was found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admission_form_check.php. The manipulation of the argument Message results in cross site scripting. The attack can be executed remotely. The exploit has been made public and could be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367507 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/367507/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10228 | third-party-advisory |
| https://vuldb.com/submit/822848 | third-party-advisory |
| https://github.com/raisulislamg4/student_manageme… | exploitissue-tracking |
| https://github.com/raisulislamg4/student_manageme… | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| raisulislamg4 | student_management_system_by_php |
Affected:
310d950e09013d5133c6b9210aff9444382d16d1
cpe:2.3:a:raisulislamg4:student_management_system_by_php:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10228",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T13:15:31.005031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T13:15:40.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:raisulislamg4:student_management_system_by_php:*:*:*:*:*:*:*:*"
],
"product": "student_management_system_by_php",
"vendor": "raisulislamg4",
"versions": [
{
"status": "affected",
"version": "310d950e09013d5133c6b9210aff9444382d16d1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "roxci (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admission_form_check.php. The manipulation of the argument Message results in cross site scripting. The attack can be executed remotely. The exploit has been made public and could be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T05:30:08.542Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367507 | raisulislamg4 student_management_system_by_php admission_form_check.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/367507"
},
{
"name": "VDB-367507 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367507/cti"
},
{
"name": "CVE-2026-10228 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10228"
},
{
"name": "Submit #822848 | raisulislamg4 student_management_system_by_php 1.0 Stored Cross-Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/822848"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/raisulislamg4/student_management_system_by_php/issues/5"
},
{
"tags": [
"product"
],
"url": "https://github.com/raisulislamg4/student_management_system_by_php/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-31T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-31T10:04:07.000Z",
"value": "VulDB entry last update"
}
],
"title": "raisulislamg4 student_management_system_by_php admission_form_check.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10228",
"datePublished": "2026-06-01T05:30:08.542Z",
"dateReserved": "2026-05-31T07:58:54.579Z",
"dateUpdated": "2026-06-01T13:15:40.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10227 (GCVE-0-2026-10227)
Vulnerability from cvelistv5 – Published: 2026-06-01 05:15 – Updated: 2026-06-03 15:47
VLAI
Title
raisulislamg4 student_management_system_by_php User Creation add_user_check.php sql injection
Summary
A vulnerability has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file add_user_check.php of the component User Creation Handler. The manipulation of the argument role leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367506 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/367506/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10227 | third-party-advisory |
| https://vuldb.com/submit/822819 | third-party-advisory |
| https://github.com/raisulislamg4/student_manageme… | exploitissue-tracking |
| https://github.com/raisulislamg4/student_manageme… | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| raisulislamg4 | student_management_system_by_php |
Affected:
310d950e09013d5133c6b9210aff9444382d16d1
cpe:2.3:a:raisulislamg4:student_management_system_by_php:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10227",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-03T15:46:05.378846Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T15:47:04.239Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/822819"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:raisulislamg4:student_management_system_by_php:*:*:*:*:*:*:*:*"
],
"modules": [
"User Creation Handler"
],
"product": "student_management_system_by_php",
"vendor": "raisulislamg4",
"versions": [
{
"status": "affected",
"version": "310d950e09013d5133c6b9210aff9444382d16d1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Fybox (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file add_user_check.php of the component User Creation Handler. The manipulation of the argument role leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T05:15:08.358Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367506 | raisulislamg4 student_management_system_by_php User Creation add_user_check.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/367506"
},
{
"name": "VDB-367506 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367506/cti"
},
{
"name": "CVE-2026-10227 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10227"
},
{
"name": "Submit #822819 | raisulislamg4 student_management_system_by_php 1.0 Unauthenticated Arbitrary User Creation",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/822819"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/raisulislamg4/student_management_system_by_php/issues/4"
},
{
"tags": [
"product"
],
"url": "https://github.com/raisulislamg4/student_management_system_by_php/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-31T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-31T10:04:05.000Z",
"value": "VulDB entry last update"
}
],
"title": "raisulislamg4 student_management_system_by_php User Creation add_user_check.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10227",
"datePublished": "2026-06-01T05:15:08.358Z",
"dateReserved": "2026-05-31T07:58:51.589Z",
"dateUpdated": "2026-06-03T15:47:04.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10226 (GCVE-0-2026-10226)
Vulnerability from cvelistv5 – Published: 2026-06-01 05:00 – Updated: 2026-06-02 15:02
VLAI
Title
raisulislamg4 student_management_system_by_php delete.php sql injection
Summary
A flaw has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument user_id/course_id/teacher_id/student_id/application_id can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367505 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/367505/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10226 | third-party-advisory |
| https://vuldb.com/submit/822786 | third-party-advisory |
| https://github.com/raisulislamg4/student_manageme… | exploitissue-tracking |
| https://github.com/raisulislamg4/student_manageme… | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| raisulislamg4 | student_management_system_by_php |
Affected:
310d950e09013d5133c6b9210aff9444382d16d1
cpe:2.3:a:raisulislamg4:student_management_system_by_php:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10226",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T15:02:08.934078Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T15:02:19.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:raisulislamg4:student_management_system_by_php:*:*:*:*:*:*:*:*"
],
"product": "student_management_system_by_php",
"vendor": "raisulislamg4",
"versions": [
{
"status": "affected",
"version": "310d950e09013d5133c6b9210aff9444382d16d1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "buerchen (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument user_id/course_id/teacher_id/student_id/application_id can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T05:00:09.570Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367505 | raisulislamg4 student_management_system_by_php delete.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/367505"
},
{
"name": "VDB-367505 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367505/cti"
},
{
"name": "CVE-2026-10226 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10226"
},
{
"name": "Submit #822786 | raisulislamg4 student_management_system_by_php 1.0 Unauthenticated Arbitrary Record Deletion",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/822786"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/raisulislamg4/student_management_system_by_php/issues/3"
},
{
"tags": [
"product"
],
"url": "https://github.com/raisulislamg4/student_management_system_by_php/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-31T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-31T10:04:02.000Z",
"value": "VulDB entry last update"
}
],
"title": "raisulislamg4 student_management_system_by_php delete.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10226",
"datePublished": "2026-06-01T05:00:09.570Z",
"dateReserved": "2026-05-31T07:58:48.500Z",
"dateUpdated": "2026-06-02T15:02:19.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10225 (GCVE-0-2026-10225)
Vulnerability from cvelistv5 – Published: 2026-06-01 04:45 – Updated: 2026-06-01 11:21
VLAI
Title
raisulislamg4 student_management_system_by_php Login login_check.php sql injection
Summary
A vulnerability was detected in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file login_check.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367504 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/367504/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10225 | third-party-advisory |
| https://vuldb.com/submit/822784 | third-party-advisory |
| https://github.com/raisulislamg4/student_manageme… | exploitissue-tracking |
| https://github.com/raisulislamg4/student_manageme… | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| raisulislamg4 | student_management_system_by_php |
Affected:
310d950e09013d5133c6b9210aff9444382d16d1
cpe:2.3:a:raisulislamg4:student_management_system_by_php:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10225",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T11:20:27.512410Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T11:21:04.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:raisulislamg4:student_management_system_by_php:*:*:*:*:*:*:*:*"
],
"modules": [
"Login"
],
"product": "student_management_system_by_php",
"vendor": "raisulislamg4",
"versions": [
{
"status": "affected",
"version": "310d950e09013d5133c6b9210aff9444382d16d1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dede1 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file login_check.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T04:45:08.570Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367504 | raisulislamg4 student_management_system_by_php Login login_check.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/367504"
},
{
"name": "VDB-367504 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367504/cti"
},
{
"name": "CVE-2026-10225 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10225"
},
{
"name": "Submit #822784 | raisulislamg4 student_management_system_by_php 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/822784"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/raisulislamg4/student_management_system_by_php/issues/2"
},
{
"tags": [
"product"
],
"url": "https://github.com/raisulislamg4/student_management_system_by_php/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-31T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-31T10:03:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "raisulislamg4 student_management_system_by_php Login login_check.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10225",
"datePublished": "2026-06-01T04:45:08.570Z",
"dateReserved": "2026-05-31T07:58:45.903Z",
"dateUpdated": "2026-06-01T11:21:04.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}