CVE-2026-2190 | itsourcecode School Management System 1.0 controller.php ID sql injection

Inserito da Angelo Barbosa | Feb 7, 2026 | CVE

A vulnerability, which was classified as critical, was found in itsourcecode School Management System 1.0. This impacts an unknown function of the file /ramonsys/user/controller.php. The manipulation of the argument ID results in sql injection.

This vulnerability is reported as CVE-2026-2190. The attack can be launched remotely. Moreover, an exploit is present.

CVE-2026-2190 | itsourcecode School Management System 1.0 controller.php ID sql injection

Post correlati

CVE-2024-2651 | GitLab Community Edition/Enterprise Edition up to 16.9.6/16.10.4/16.11.1 Markdown resource consumption (Issue 450830)

CVE-2025-58290 | Huawei HarmonyOS 5.0.1/5.1.0 Office Service resolution of path

CVE-2024-42007 | php-spx up to 0.4.15 SPX_UI_URI path traversal (Issue 251)

CVE-2025-62028 | Salient Plugin up to 17.3.x on WordPress authorization