CVE-2026-11334
Description
SQL injection in CollegeManagementSystem's fetch.php allows unauthenticated remote attackers to manipulate database queries.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in CollegeManagementSystem's fetch.php allows unauthenticated remote attackers to manipulate database queries.
Vulnerability
A SQL injection vulnerability exists in the fetch.php script within the dashboard_page/forms/ directory of the tittuvarghese CollegeManagementSystem. The vulnerability stems from the direct embedding of the department_code POST parameter into an SQL query without any sanitization or parameterization, specifically in the line $sql = mysql_query("SELECT * FROM courses WHERE department_code='$department_code' ORDER BY id DESC"); [1].
Exploitation
An unauthenticated attacker can exploit this vulnerability by sending a POST request to the fetch.php endpoint with a manipulated department_code parameter. The script lacks authentication, allowing remote attackers to inject arbitrary SQL syntax. This can be achieved by appending malicious SQL code, such as ' OR 1=1--, to the department_code value to alter the query's logic [1].
Impact
Successful exploitation of this SQL injection vulnerability allows an attacker to extract sensitive information from the database using techniques like boolean-based or time-based blind SQL injection. The attacker gains the ability to read data from the database, potentially compromising confidential information stored within the college management system [1].
Mitigation
No specific version details for affected or updated releases are available due to the project's continuous delivery model. The project was informed of the vulnerability via an issue report but has not yet responded. As of the available references, no patch or official mitigation has been released, and the exploit is publicly known [1, 2].
AI Insight generated on Jun 5, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"The script directly embeds user-supplied input into an SQL query without sanitization or parameterization."
Attack vector
An unauthenticated attacker can initiate an attack remotely by sending a POST request to the `fetch.php` endpoint. The attacker manipulates the `department_code` argument with SQL syntax. This injection is possible because the script lacks authentication checks and does not sanitize the input before embedding it into the SQL query [ref_id=1]. The exploit is public and may be used to extract sensitive information.
Affected code
The vulnerability exists in the `fetch.php` file, specifically within lines 18-30. The script directly embeds the `department_code` value, which is received via POST, into an SQL query without proper sanitization or parameterization. The vulnerable line is: `$sql = mysql_query("SELECT * FROM `courses` WHERE department_code='$department_code' ORDER BY id DESC");` [ref_id=1].
What the fix does
The advisory does not specify a patch or provide details on remediation. The project was informed of the vulnerability but has not responded. Therefore, no fix explanation can be provided.
Preconditions
- authNo authentication is required to exploit this vulnerability [ref_id=1].
- networkThe attack can be initiated remotely.
- inputThe `department_code` parameter is vulnerable to SQL injection.
Reproduction
Send a legitimate POST request to fetch.php with action=fetch_department_data&department_code=CSE. The server returns a JSON array of course names. Inject a SQL payload that modifies the query logic (e.g., ' OR 1=1--). Observe that the response structure changes, confirming injection. Use more advanced payloads (e.g., UNION SELECT ..., or time-based SLEEP) to extract data. [ref_id=1]
Generated on Jun 5, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5News mentions
0No linked articles in our index yet.