EUVD-2026-35006

🗓️ 08 Jun 2026 01:15:08Reported by EUVDType

Weakness in Kushan2k system: getStatus in GradeController.php enables remote query injection via nic; rolling release with no versions; issue reported, no response.

Reporter	Title	Published	Views	Family All 6
ATTACKERKB	CVE-2026-11475	8 Jun 202601:15	–	attackerkb
Circl	CVE-2026-11475	8 Jun 202604:53	–	circl
CVE	CVE-2026-11475	8 Jun 202601:15	–	cve
Cvelist	CVE-2026-11475 Kushan2k student-management-system Certificate Verification Endpoint GradeController.php getStatus sql injection	8 Jun 202601:15	–	cvelist
NVD	CVE-2026-11475	8 Jun 202602:16	–	nvd
Positive Technologies	PT-2026-47237	8 Jun 202600:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "504aa218-23b9-33d0-883f-51dba85682dd",
        "vendor": {
          "name": "Kushan2k"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "d0634f44-3541-3dc9-a3a1-9b47ff1a8dc5",
        "product": {
          "name": "Student-Management-System",
          "vendor": {
            "name": "Cyber-III"
          }
        },
        "product_version": "f16a4ceaddd6729c4b306ed4641cda3176c1ef2a"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/vuln/369095
vuldb	www.vuldb.com/vuln/369095/cti
vuldb	www.vuldb.com/cve/CVE-2026-11475
vuldb	www.vuldb.com/submit/833942
github	www.github.com/Kushan2k/student-management-system/issues/2
github	www.github.com/Kushan2k/student-management-system/

08 Jun 2026 01:15Current

6.4Medium risk

Vulners AI Score6.4

CVSS 45.3

CVSS 3.16.3

CVSS 26.5

CVSS 36.3