CVE-2026-3149 PUBLISHED

A weakness has been identified in itsourcecode College Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/asign-single-student-subjects.php. Executing a manipulation of the argument course_code can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

• Zhangchao404 (VulDB User) reporter

• VDB-347657 | itsourcecode College Management System asign-single-student-subjects.php sql injection
• VDB-347657 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #758828 | itsourcecode College Management System V1.0 SQL Injection
• https://github.com/Zhangchao404/cve/issues/1
• https://itsourcecode.com/

• SQL Injection CWE
• Injection CWE