Vulnerabilities ›

CVE-2026-11475

Medium

CWE-74 — Weakness Type

                    Published: Jun 8, 2026                      ·  Modified: Jun 10, 2026                      ·  Source: NVD                

CVSS v3

6.3

🔗 NVD Official

📄 Description (English)

A weakness has been identified in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this vulnerability is the function getStatus of the file controllers/GradeController.php of the component Certificate Verification Endpoint. Executing a manipulation of the argument nic can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.

🤖 AI Executive Summary

A SQL injection vulnerability exists in Kushan2k student-management-system's Certificate Verification Endpoint through the getStatus function in GradeController.php, allowing remote attackers to manipulate the 'nic' parameter. This vulnerability has a CVSS score of 6.3 and could lead to unauthorized database access and data manipulation.

📄 Description (Arabic)

ثغرة حقن SQL في دالة getStatus بملف controllers/GradeController.php تسمح بمعالجة معامل 'nic' بشكل غير آمن. يمكن للمهاجمين استغلال هذه الثغرة للوصول غير المصرح به إلى قاعدة البيانات وتعديل البيانات الحساسة المتعلقة بالشهادات والدرجات.

🤖 ملخص تنفيذي (AI)

ثغرة حقن SQL موجودة في نقطة نهاية التحقق من الشهادات في نظام إدارة الطلاب Kushan2k، مما يسمح للمهاجمين بالوصول غير المصرح به إلى قاعدة البيانات. يمكن استغلال هذه الثغرة عن بعد من خلال معالجة معامل 'nic' في دالة getStatus.

🤖 AI Intelligence Analysis Analyzed: Jun 8, 2026 07:18

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

government healthcare education

🎯 MITRE ATT&CK Techniques

T1190 T1566 T1557

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

Update Kushan2k student-management-system to the latest rolling release version immediately. Implement input validation and parameterized queries for all database operations, particularly in the getStatus function. Apply Web Application Firewall (WAF) rules to detect and block SQL injection attempts. Conduct a security audit of the Certificate Verification Endpoint and all similar endpoints.

🔧 خطوات المعالجة (العربية)

قم بتحديث نظام إدارة الطلاب Kushan2k إلى أحدث إصدار فوراً. طبق التحقق من صحة المدخلات والاستعلامات المعاملة لجميع عمليات قاعدة البيانات. استخدم جدران الحماية لتطبيقات الويب لكشف محاولات حقن SQL. أجر تدقيقاً أمنياً شاملاً لنقطة التحقق من الشهادات.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.7.1 A.12.2.1 A.14.2.1

🔵 SAMA CSF

ID.RA-1 PR.DS-1 DE.CM-1

🟡 ISO 27001:2022

A.12.4.1 A.14.2.1 A.13.1.1

🔗 References & Sources 6

🔗

https://github.com/Kushan2k/student-management-system/

cna@vuldb.com

🔗

https://github.com/Kushan2k/student-management-system/issues/2

cna@vuldb.com

🔗

https://vuldb.com/cve/CVE-2026-11475

cna@vuldb.com

🔗

https://vuldb.com/submit/833942

cna@vuldb.com

🔗

https://vuldb.com/vuln/369095

cna@vuldb.com

🔗

https://vuldb.com/vuln/369095/cti

cna@vuldb.com

📊 CVSS Score

6.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.3

CWECWE-74

EPSS0.02%

Exploit No

Patch ✗ No

Published 2026-06-08

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-74

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-11475

Introduce Yourself

Sign In Required