{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4236", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-15T18:53:46.351Z", "datePublished": "2026-03-16T11:32:09.033Z", "dateUpdated": "2026-03-16T18:55:03.627Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-16T11:32:09.033Z"}, "title": "itsourcecode Online Enrollment System index.php sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "itsourcecode", "product": "Online Enrollment System", "versions": [{"version": "1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument txtsearch/deptname/name leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-15T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-15T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-15T19:58:51.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "yu_ji (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.351159", "name": "VDB-351159 | itsourcecode Online Enrollment System index.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.351159", "name": "VDB-351159 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.771239", "name": "Submit #771239 | itsourcecode Online Enrollment System V1.0 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.771241", "name": "Submit #771241 | itsourcecode Online Enrollment System V1.0 SQL Injection (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.771242", "name": "Submit #771242 | itsourcecode Online Enrollment System V1.0 SQL Injection (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/yuji0903/silver-guide/issues/10", "tags": ["issue-tracking"]}, {"url": "https://github.com/yuji0903/silver-guide/issues/12", "tags": ["exploit", "issue-tracking"]}, {"url": "https://itsourcecode.com/", "tags": ["product"]}], "tags": ["x_freeware"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-16T18:49:14.019504Z", "id": "CVE-2026-4236", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T18:55:03.627Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4236", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T18:49:14.019504Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T18:53:25.907Z"}}], "cna": {"tags": ["x_freeware"], "title": "itsourcecode Online Enrollment System index.php sql injection", "credits": [{"lang": "en", "type": "reporter", "value": "yu_ji (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "itsourcecode", "product": "Online Enrollment System", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2026-03-15T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-15T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-15T19:58:51.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.351159", "name": "VDB-351159 | itsourcecode Online Enrollment System index.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.351159", "name": "VDB-351159 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.771239", "name": "Submit #771239 | itsourcecode Online Enrollment System V1.0 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.771241", "name": "Submit #771241 | itsourcecode Online Enrollment System V1.0 SQL Injection (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.771242", "name": "Submit #771242 | itsourcecode Online Enrollment System V1.0 SQL Injection (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/yuji0903/silver-guide/issues/10", "tags": ["issue-tracking"]}, {"url": "https://github.com/yuji0903/silver-guide/issues/12", "tags": ["exploit", "issue-tracking"]}, {"url": "https://itsourcecode.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument txtsearch/deptname/name leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "SQL Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-16T11:32:09.033Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4236", "state": "PUBLISHED", "dateUpdated": "2026-03-16T18:55:03.627Z", "dateReserved": "2026-03-15T18:53:46.351Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-16T11:32:09.033Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument txtsearch/deptname/name leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used."}, {"lang": "es", "value": "Una vulnerabilidad de seguridad ha sido detectada en itsourcecode Online Enrollment System 1.0. Afectada es una funci\u00f3n desconocida del archivo /enrollment/index.php?view=add. Tal manipulaci\u00f3n del argumento txtsearch/deptname/name conduce a inyecci\u00f3n SQL. El ataque puede ser realizado desde remoto. El exploit ha sido divulgado p\u00fablicamente y puede ser utilizado."}], "id": "CVE-2026-4236", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-16T14:20:17.960", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/yuji0903/silver-guide/issues/10"}, {"source": "cna@vuldb.com", "url": "https://github.com/yuji0903/silver-guide/issues/12"}, {"source": "cna@vuldb.com", "url": "https://itsourcecode.com/"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.351159"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.351159"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.771239"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.771241"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.771242"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 90.0, "confidence_source": "matching", "scores": [{"score": 90.0, "source": "matching"}]}, "original": {"product": "Online Enrollment System", "source": "cna", "vendor": "itsourcecode"}, "product": "online_student_enrollment_system", "vendor": "itsourcecode"}], "analysis": {"en": {"generated_at": "2026-03-22T15:36:36.380336+00:00", "value": {"mitigation_remediation": ["Apply an official patch or update to the Online Enrollment System 1.0 from the vendor if available.", "If no patch exists, restrict access to the /enrollment/index.php?view=add endpoint to authenticated users only and implement strict input validation, such as using prepared statements or parameterized queries to eliminate SQL injection."], "summary": {"action": "Apply Patch", "impact": "Remote SQL injection enabling unauthorized data access or modification"}, "threat_synthesis": {"affected_systems": "Affected components include the vendor itsourcecode and its Online Enrollment System version 1.0. The issue is confined to the /enrollment/index.php script that handles the add view. No other versions or modules are reported to be impacted.", "description_and_impact": "The vulnerability occurs in the index.php page of the Online Enrollment System when the view=add action processes input parameters. An attacker can supply crafted values for txtsearch, deptname, or name, causing the application to construct unsanitized SQL statements. This flaw permits arbitrary SQL injection, allowing the attacker to read, modify, or delete enrollment data stored in the database.", "risk_and_exploitability": "The severity rating is 6.9 on the CVSS scale, representing a moderate risk. Exploit probability is low, with a score under 1%. The flaw is not cataloged in the known exploited vulnerabilities list, indicating no known active exploitation. Nevertheless, the vulnerability can be triggered remotely without authentication, so a threat assessment should consider it a moderate but relevant risk for exposed deployments."}}}}, "created": "2026-03-24T10:44:55.145291+00:00", "updated": "2026-03-30T08:00:26.321775+00:00", "vendors": ["itsourcecode", "itsourcecode$PRODUCT$online_student_enrollment_system"]}