CVE 9.8 CRITICAL

CVE-2026-36233_CVE-2026-36233

April 14, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for appropriate cleaning or validation.

AI Analysis

SQL injection vulnerability in assignInstructorSubjects.php file

Basic Information

ID CVE-2026-36233

Source mitre

Published Apr 10, 2026 at 00:00

Modified Apr 14, 2026 at 14:19

Affected Product

Vendor itsourcecode

Product itsourcecode Online Student Enrollment System

Version v1.0

Affected Versions n/a n/a n/a

CWE Classification

CWE-89

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor itsourcecode

Product Online Student Enrollment System

Version v1.0

References

github.com /Amorsec/CVE-PHP/blob/main/itsourcecode-Online_Student_Enrollment_System_in_assignInstructorSubjects.php_sql_injection.pdf

{
    "lastseen": "",
    "description": "A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter \"subjcode\" and use it directly in SQL queries without the need for appropriate cleaning or validation.",
    "published": "2026-04-10T00:00:00.000Z",
    "modified": "2026-04-14T14:19:38.512Z",
    "type": "cve",
    "title": "CVE-2026-36233",
    "source": "mitre",
    "references": "https://github.com/Amorsec/CVE-PHP/blob/main/itsourcecode-Online_Student_Enrollment_System_in_assignInstructorSubjects.php_sql_injection.pdf",
    "id": "CVE-2026-36233",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "itsourcecode Online Student Enrollment System",
    "version": "v1.0",
    "vendor": "itsourcecode",
    "ai_description": "SQL injection vulnerability in assignInstructorSubjects.php file",
    "ai_severity": "Critical",
    "ai_vendor": "itsourcecode",
    "ai_product": "Online Student Enrollment System",
    "ai_version": "v1.0",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply