CVE-2026-3261 | itsourcecode School Management System 1.0 Setting /settings/index.php ID sql injection

Inserito da Angelo Barbosa | Feb 26, 2026 | CVE

A vulnerability classified as critical has been found in itsourcecode School Management System 1.0. This impacts an unknown function of the file /settings/index.php of the component Setting Handler. This manipulation of the argument ID causes sql injection.

This vulnerability appears as CVE-2026-3261. The attack may be initiated remotely. In addition, an exploit is available.

CVE-2026-3261 | itsourcecode School Management System 1.0 Setting /settings/index.php ID sql injection

Post correlati

CVE-2025-5898 | GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb utilities/pspp-convert.c parse_variables_option out-of-bounds write (Bug 67071)

CVE-2024-21771 | F5 BIG-IP AFM up to 15.1.8/16.1.3/17.1.0 IPS Engine allocation of resources (K000137595)

CVE-2025-62173 | FreePBX up to 16.0.40/17.0.5 REST API sql injection (GHSA-q3h9-fmpr-vpfw)

CVE-2024-10237 | SMCI MBD-X12DPG-OA6 1.04.16 BMC Firmware Image Authentication signature verification