Product
A SQL injection vulnerability (CVE-2026-6595) exists in the ProjectsAndPrograms School Management System affecting the buslocation.php file's HTTP GET parameter handler, allowing remote attackers to inject SQL commands via the 'bus_id' argument.