A vulnerability identified as critical has been detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46 . This impacts an unknown function of the file admin/admin_login.php of the component Administrator Login Endpoint . Performing a manipulation of the argument a_usr/a_pwd results in sql injection. This vulnerability is reported as CVE-2026-11531 . The attack is possible to be carried out remotely. Moreover, an exploit is present. This product adopts a roll