CVE-2026-9470: yashpokharna2555 StudentManagementSystem student_trans.php confirm_logged_in SQL injection
A security vulnerability has been detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. It affects the function confirm_logged_in in the file student_trans.php. Manipulating the arguments FIRST_NAME/Last_Name/EMAIL leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. This product uses rolling releases to provide continuous delivery, so version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
Frequently Asked Questions
What is the severity of CVE-2026-9470?
The severity of CVE-2026-9470 is rated as high with a score of 7.3.
How do I fix CVE-2026-9470?
To fix CVE-2026-9470, sanitize and validate user inputs in the confirm_logged_in function to prevent SQL injection.
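As an added illustration (not code from the project or from this advisory), the sketch below contrasts string-built SQL with validated, parameter-bound SQL for the three named inputs. The `students` table, its columns, the INSERT shape, the function names and the in-memory SQLite database are assumptions chosen so the example runs offline.

```php
<?php
// Added example. Table/column names and the query shape are assumptions, not the project's code.
$pdo = new PDO('sqlite::memory:'); // in-memory SQLite stands in for the real database
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE students (id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT, email TEXT)');

// Constructed sample input standing in for $_POST. The apostrophe is an ordinary name character.
$input = ['FIRST_NAME' => 'Conor', 'Last_Name' => "O'Brien", 'EMAIL' => 'conor.obrien@example.com'];

// BEFORE (vulnerable pattern): request values are spliced into the SQL text,
// so a quote inside the data changes the structure of the statement.
function insert_concatenated(PDO $pdo, array $in): void
{
    $sql = "INSERT INTO students (first_name, last_name, email) VALUES ('"
         . $in['FIRST_NAME'] . "', '" . $in['Last_Name'] . "', '" . $in['EMAIL'] . "')";
    $pdo->exec($sql);
}

// AFTER (hardened): validate each field, then bind values as parameters.
// Bound values are sent as data and are never parsed as SQL.
function insert_prepared(PDO $pdo, array $in): void
{
    $email = filter_var($in['EMAIL'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        throw new InvalidArgumentException('EMAIL is not a valid address');
    }
    foreach (['FIRST_NAME', 'Last_Name'] as $key) {
        $len = strlen($in[$key] ?? '');
        if ($len < 1 || $len > 100) {
            throw new InvalidArgumentException("$key must be 1 to 100 bytes long");
        }
    }
    $stmt = $pdo->prepare(
        'INSERT INTO students (first_name, last_name, email) VALUES (:first, :last, :email)'
    );
    $stmt->execute([':first' => $in['FIRST_NAME'], ':last' => $in['Last_Name'], ':email' => $email]);
}

try {
    insert_concatenated($pdo, $input);
    echo "concatenated: stored\n";
} catch (PDOException $e) {
    echo "concatenated: statement broke on a quote in the data\n";
}

insert_prepared($pdo, $input);
$row = $pdo->query('SELECT last_name FROM students')->fetch(PDO::FETCH_ASSOC);
echo "prepared: stored last_name = {$row['last_name']}\n";
```

If the application uses mysqli rather than PDO, the same fix applies through `prepare()` and `bind_param()`.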
What type of vulnerability is represented by CVE-2026-9470?
CVE-2026-9470 represents a SQL Injection vulnerability affecting the yashpokharna2555 StudentManagementSystem.
Which components of the software are impacted by CVE-2026-9470?
CVE-2026-9470 impacts the confirm_logged_in function within the student_trans.php file.
What could attackers exploit in CVE-2026-9470?
Attackers could exploit CVE-2026-9470 by manipulating the FIRST_NAME, LAST_NAME, or EMAIL parameters to perform SQL injection.