A vulnerability was found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1 and classified as critical . Impacted is an unknown function of the file delete.php . Executing a manipulation of the argument user_id/course_id/teacher_id/student_id/application_id can lead to sql injection. The identification of this vulnerability is CVE-2026-10226 . The attack may be launched remotely. Furthermore, there is an exploit available. This product operates on a