Description
A vulnerability was detected in sayan365 student-management-system up to 7f3c9ce7d410332335c2affac93a385485051800. This impacts an unknown function. The manipulation results in improper authentication. The attack can be executed remotely. The exploit is now public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. Multiple endpoints are affected. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-06-02
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the student-management-system allows an attacker to manipulate request parameters to bypass the authentication process, enabling unauthorized access to user accounts and sensitive data. The vulnerability affects an unknown function and is exploitable remotely, as public exploits are available for multiple endpoints. This improper authentication can compromise confidentiality and integrity of the system’s data and allow malicious users to perform any actions permitted to legitimate accounts.

Affected Systems

The issue impacts all versions of sayan365 student-management-system up to commit 7f3c9ce7d410332335c2affac93a385485051800, with no precise version guidance due to the project’s rolling-release delivery model.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, and the vulnerability is remotely exploitable with a public exploit currently available. Although EPSS data is missing and the vulnerability is not listed in CISA KEV, the existence of multiple affected endpoints and the ability to bypass authentication elevate the risk. The likely attack vector is a remote attacker sending crafted requests to the application’s login or related authentication endpoints, as inferred from the description.

Generated by OpenCVE AI on June 3, 2026 at 03:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the application to a commit that includes the fix for the authentication bypass; examine the latest repository changes for a patch or newer release.
  • Restrict network access to the authentication endpoints by implementing firewall rules or IP whitelisting so only trusted hosts can reach them.
  • Enforce strong password policies and disable default or weak credentials, and where possible enable multi‑factor authentication to mitigate the impact of any remaining authentication flaws.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 14:30:00 +0000

Values Removed: none
Values Added (by type):
  • Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 03 Jun 2026 02:30:00 +0000

Values Removed: none
Values Added (by type):
  • Description: A vulnerability was detected in sayan365 student-management-system up to 7f3c9ce7d410332335c2affac93a385485051800. This impacts an unknown function. The manipulation results in improper authentication. The attack can be executed remotely. The exploit is now public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. Multiple endpoints are affected. The project was informed of the problem early through an issue report but has not responded yet.
  • Title: sayan365 student-management-system improper authentication
  • First Time appeared: Sayan365; Sayan365 student-management-system
  • Weaknesses: CWE-287
  • CPEs: cpe:2.3:a:sayan365:student-management-system:*:*:*:*:*:*:*:*
  • Vendors & Products: Sayan365; Sayan365 student-management-system
  • References:
  • Metrics:
    cvssV2_0 {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
    cvssV3_0 {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
    cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
    cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-03T13:25:08.078Z

Reserved: 2026-06-02T13:54:23.752Z

Link: CVE-2026-10619

Vulnrichment

Updated: 2026-06-03T13:24:41.537Z

NVD

Status: Received

Published: 2026-06-02T21:16:26.180

Modified: 2026-06-02T21:16:26.180

Link: CVE-2026-10619

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-03T10:54:50Z

Weaknesses