CVE-2026-36232

NONE EPSS 0.04%

Apr 10, 2026

Updated Apr 10, 2026

PHP

Parameter	Value
Vendor	PHP
Public PoC	No

A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $_GET['classId'] is directly concatenated into the SQL query without any sanitization or validation.

References 1

https://github.com/Amorsec/CVE-PHP/blob/main/itsourcecode-Online_Student_Enroll…

cve@mitre.org

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-6409

PHP

7.1

CVE-2026-37347

PHP

9.1

CVE-2026-37346

PHP

4.7

CVE-2026-37345

PHP

9.8

CVE-2026-37344

PHP

7.2

CVE Details

CVE ID

CVE-2026-36232

Published Date

Apr 10, 2026

Vendor

PHP

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 0.04%

Likelihood of exploitation in next 30 days

Percentile: 11.4th percentile (higher than 11.4% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

View Advisory

Menu

CVE-2026-36232

References 1

Related Vulnerabilities

CVE-2026-6409

CVE-2026-37347

CVE-2026-37346

CVE-2026-37345

CVE-2026-37344

CVE Details

Editor's Choice

Menu

CVE-2026-36232

References 1

Related Vulnerabilities

CVE-2026-6409

CVE-2026-37347

CVE-2026-37346

CVE-2026-37345

CVE-2026-37344

CVE Details

Editor's Choice

Stay informed on cybersecurity