CVE 9.8 CRITICAL

CVE-2026-36235_CVE-2026-36235

April 14, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or validation.

AI Analysis

SQL injection vulnerability in scheduleSubList.php file due to unsanitized 'subjcode' parameter

Basic Information

ID CVE-2026-36235

Source mitre

Published Apr 10, 2026 at 00:00

Modified Apr 14, 2026 at 14:04

Affected Product

Vendor itsourcecode

Product itsourcecode Online Student Enrollment System

Version v1.0

Affected Versions n/a n/a n/a

CWE Classification

CWE-89

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor itsourcecode

Product Online Student Enrollment System

Version v1.0

References

github.com /Amorsec/CVE-PHP/blob/main/itsourcecode-Online_Student_Enrollment_System_in_scheduleSubList.php_sql_injection.pdf

{
    "lastseen": "",
    "description": "A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or validation.",
    "published": "2026-04-10T00:00:00.000Z",
    "modified": "2026-04-14T14:04:25.315Z",
    "type": "cve",
    "title": "CVE-2026-36235",
    "source": "mitre",
    "references": "https://github.com/Amorsec/CVE-PHP/blob/main/itsourcecode-Online_Student_Enrollment_System_in_scheduleSubList.php_sql_injection.pdf",
    "id": "CVE-2026-36235",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "itsourcecode Online Student Enrollment System",
    "version": "v1.0",
    "vendor": "itsourcecode",
    "ai_description": "SQL injection vulnerability in scheduleSubList.php file due to unsanitized 'subjcode' parameter",
    "ai_severity": "Critical",
    "ai_vendor": "itsourcecode",
    "ai_product": "Online Student Enrollment System",
    "ai_version": "v1.0",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply