Vulnerability Title: itsourcecode School Management System V1.0 SQL Injection Vulnerability Description: SQL injection vulnerability in the "/ramonsys/report/index.php" file of the School Management System in PHP. Attackers can inject malicious code from the parameter 'ay' without logging in with valid credentials. The application fails to sanitize or validate this input before using it in SQL queries, allowing attackers to manipulate SQL queries and perform unauthorized operations. Source: https://github.com/angtas/cve/issues/1 User: angtas (UID 95051) Submission Date: 01/31/2026 01:35 PM (8 days ago) Moderation Date: 02/07/2026 06:20 PM (7 days later) Status: Accepted VulDB Entry: 234892 [itsourcecode School Management System 1.0 index.php ay sql injection] Points: 20