high advisory

itsourcecode Student Transcript Processing System 1.0 SQL Injection Vulnerability (CVE-2026-9575)

A SQL injection vulnerability exists in itsourcecode Student Transcript Processing System 1.0 in the `/admin/modules/class/index.php?view=view` component; the vulnerability is triggered by manipulating the `ID` argument, potentially enabling remote attackers to execute arbitrary SQL commands.

A SQL injection vulnerability, identified as CVE-2026-9575, has been discovered in itsourcecode Student Transcript Processing System version 1.0. The vulnerability resides within the `/admin/modules/class/index.php?view=view` component of the application. An attacker can remotely exploit this vulnerability by manipulating the `ID` argument passed to the affected script. Publicly available exploit code exists, increasing the risk of exploitation. Successful exploitation could allow an attacker to execute arbitrary SQL commands, potentially leading to data exfiltration, modification, or complete system compromise. This vulnerability poses a significant risk to organizations using the affected software.

Attack Chain

  1. The attacker identifies an instance of Student Transcript Processing System 1.0.
  2. The attacker crafts a malicious HTTP request targeting the `/admin/modules/class/index.php?view=view` endpoint.
  3. The attacker injects SQL code into the `ID` parameter of the HTTP request.
  4. The web server processes the request and passes the ID parameter to the vulnerable SQL query.
  5. The injected SQL code is executed against the database.
  6. The attacker retrieves sensitive data from the database, such as usernames, passwords, or student records.
  7. The attacker may use the compromised credentials to gain further access to the system.
  8. The attacker exfiltrates the stolen data or modifies records within the database, impacting integrity.

Impact

Successful exploitation of this SQL injection vulnerability (CVE-2026-9575) in itsourcecode Student Transcript Processing System 1.0 could lead to unauthorized access to sensitive student and administrative data. This could result in data breaches, identity theft, and reputational damage for the affected educational institution. The ability to execute arbitrary SQL commands could also allow attackers to modify or delete data, leading to disruptions in academic operations. Given the ease of exploitation and the availability of public exploits, organizations using this software are at high risk.

Recommendation

  • Apply any available patches or updates for itsourcecode Student Transcript Processing System 1.0 to remediate CVE-2026-9575.
  • Deploy the Sigma rule "Detect CVE-2026-9575 Exploitation Attempt" to your SIEM and tune for your environment.
  • Implement input validation and sanitization measures to prevent SQL injection attacks.
  • Monitor web server logs for suspicious activity targeting the `/admin/modules/class/index.php?view=view` endpoint using the rule "Detect CVE-2026-9575 SQL Injection".

Detection coverage (2 rules)

Detect CVE-2026-9575 Exploitation Attempt

high

Detects attempts to exploit CVE-2026-9575 by identifying suspicious SQL syntax within the ID parameter in requests to the vulnerable endpoint.

sigma | tactics: initial_access | techniques: T1190 | sources: webserver

Detect CVE-2026-9575 SQL Injection

high

Detects CVE-2026-9575 SQL injection attempts in the ID parameter.

sigma | tactics: initial_access | techniques: T1190 | sources: webserver
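
The web-log check that both rules describe, sketched in Python as an added example (it is not the platform's Sigma rule and not part of the original advisory). It assumes combined-format access logs, that legitimate `ID` values are plain integers, and a heuristic SQL token list; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

VULN_PATH = "/admin/modules/class/index.php"  # endpoint named in the advisory
# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Characters and keywords that do not belong in a record ID (assumed heuristic).
SQL_TOKENS = re.compile(
    r"['\";#]|--|/\*|\b(?:union|select|or|and|sleep|benchmark|insert|update|delete|drop)\b",
    re.IGNORECASE,
)

def classify(line):
    """Return None when out of scope, else 'ok', 'sql_syntax' or 'non_numeric'."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if url.path.lower() != VULN_PATH:
        return None
    # parse_qsl URL-decodes once; lower-casing keys makes ID, id and Id equivalent
    # and keeps every repeated occurrence of the parameter.
    pairs = [(k.lower(), v) for k, v in parse_qsl(url.query, keep_blank_values=True)]
    ids = [v for k, v in pairs if k == "id"]
    if ("view", "view") not in pairs or not ids:
        return None
    if any(SQL_TOKENS.search(v) for v in ids):
        return "sql_syntax"
    # Assumption: legitimate IDs are plain decimal integers. Anything else,
    # including still-encoded text such as a double-encoded quote, is flagged.
    if any(not re.fullmatch(r"[0-9]+", v) for v in ids):
        return "non_numeric"
    return "ok"

def alerts(lines):
    """Return (line_index, verdict) for every in-scope request that is not 'ok'."""
    verdicts = ((i, classify(line)) for i, line in enumerate(lines))
    return [(i, v) for i, v in verdicts if v not in (None, "ok")]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2026:10:00:00 +0000] "GET /admin/modules/class/index.php?view=view&id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2026:10:00:05 +0000] "GET /admin/modules/class/index.php?view=view&ID=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9000',
    '203.0.113.9 - - [01/Jan/2026:10:00:09 +0000] "GET /admin/modules/class/index.php?view=view&id=12%2527 HTTP/1.1" 500 310',
    '198.51.100.4 - - [01/Jan/2026:10:01:00 +0000] "GET /index.php?view=view&id=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for idx, verdict in alerts(SAMPLE_LOG):
        print(verdict, SAMPLE_LOG[idx])
```

Access logs normally record only the query string, so an `ID` value sent in a request body is invisible to this check and needs WAF or application-level logging.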
