Critical severity9.8NVD Advisory· Published Apr 10, 2026· Updated Apr 14, 2026

CVE-2026-36235

Description

A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or validation.

Affected products

Itsourcecode/Online Student Enrollment System
cpe:2.3:a:itsourcecode:online_student_enrollment_system:1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Amorsec/CVE-PHP/blob/main/itsourcecode-Online_Student_Enrollment_System_in_scheduleSubList.php_sql_injection.pdfnvdExploitThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000