CVE-2026-3151 - Vulnerability Analysis
HighCVSS: 7.3Last Updated: February 25, 2026
itsourcecode College Management System - SQL Injection
Published: February 25, 2026Updated: February 25, 2026PoC AvailableRemote Exploitable
Overview
itsourcecode College Management System 1.0 contains a sql injection caused by manipulation of the "email" argument in /login/login.php, letting remote attackers execute arbitrary SQL commands, exploit requires crafted request.
Severity & Score
Severity: High
CVSS Score: 7.3
Impact
Remote attackers can execute arbitrary SQL commands, potentially leading to data disclosure or modification.
Mitigation
Update to the latest version or apply vendor patches addressing this vulnerability.
References
Related Resources
Details
- CVE ID
- CVE-2026-3151
- Severity
- High
- CVSS Score
- 7.3
- Type
- sql_injection
- Status
- confirmed
CWE
- CWE-74
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L