CVE-2026-36235

CRITICAL 9.8

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

2th

A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or validation.

Vendor	n/a
Product	n/a
Published	Apr 10, 2026
Last Updated	Apr 14, 2026

Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new critical vulnerabilities affecting n/a n/a are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / n/a

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/Amorsec/CVE-PHP/blob/main/itsourcecode-Online_Student_Enrollment_System_in_scheduleSubList.php_sql_injection.pdf