VYPR
Critical severity9.8NVD Advisory· Published Apr 10, 2026· Updated Apr 14, 2026

CVE-2026-36235

CVE-2026-36235

Description

A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or validation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:itsourcecode:online_student_enrollment_system:1.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:itsourcecode:online_student_enrollment_system:1.0:*:*:*:*:*:*:*
    • (no CPE)range: = 1.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.