CVE-2026-6595 | ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59 HTTP GET Parameter buslocation.php bus_id sql injection

A vulnerability marked as critical has been reported in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This vulnerability affects unknown code of the file buslocation.php of the component HTTP GET Parameter Handler. The manipulation of the argument bus_id leads to sql injection.

This vulnerability is traded as CVE-2026-6595. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6595 | ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59 HTTP GET Parameter buslocation.php bus_id sql injection

Post correlati

CVE-2024-11251 | erzhongxmu Jeewms up to 20241108 AuthInterceptor cgReportController.do begin_date sql injection (IB2XZG)

CVE-2024-28960 | mbed TLS up to 2.28.7/3.5.x PSA Crypto API Privilege Escalation

CVE-2024-0302 | fhs-opensource iparking 1.5.22.RELEASE /vueLogin deserialization

CVE-2023-53145 | Linux Kernel up to 6.1.51 Bluetooth btsdio_remove use after free