A SQL injection vulnerability has been discovered in raisulislamg4's student_management_system_by_php affecting the delete.php file. The flaw allows remote attackers to manipulate parameters including user_id, course_id, teacher_id, student_id, and application_id to execute SQL injection attacks. The vulnerability affects systems up to commit 310d950e09013d5133c6b9210aff9444382d16d1. An exploit has been publicly published and made available. The project maintainers were notified through an issue report but have not responded. Due to the rolling release model, specific version numbers for affected or patched releases are not available.