SQL Injection Vulnerability in itsourcecode Online Student Enrollment System
CVE-2026-36232
9.8CRITICAL
What is CVE-2026-36232?
An SQL injection vulnerability exists in the instructorClasses.php file of itsourcecode's Online Student Enrollment System version 1.0 due to improper handling of the 'classId' parameter. The application directly concatenates user input from the 'classId' parameter into SQL queries, exposing it to potential malicious SQL code execution. This flaw, resulting from a lack of input sanitization or validation, could allow an attacker to manipulate database queries and gain unauthorized access to sensitive data.