Description
A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unknown function of the file dashboard_page/forms/upload_student_data.php of the component Student Data Upload Endpoint. Such manipulation of the argument Student-Data-CSV leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-06-05
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker can manipulate the Student-Data-CSV parameter in upload_student_data.php to upload files without restriction. This vulnerability exposes the system to arbitrary file uploads, potentially including executable code, which can compromise the web server and application. The weakness is categorized as improper access control (CWE‑284) and unrestricted upload of file with dangerous type (CWE‑434).

Affected Systems

The vulnerability affects the CollegeManagementSystem developed by tittuvarghese. Version details are not available because the project follows a rolling‑release model and has not published a fixed release. Any current deployment of the system is potentially impacted.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and the EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack can be launched remotely; the exact authentication requirements are not specified, but the lack of access controls suggests that unauthenticated or low‑privileged users might be able to exploit it. Without proactive mitigation, an attacker could upload a malicious file that the web server might execute, leading to remote code execution.

Generated by OpenCVE AI on June 5, 2026 at 15:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor-published patch or update when it becomes available
  • Restrict access to the upload endpoint so that only authenticated, privileged users can use it
  • Validate uploaded files to allow only CSV types and configure the upload directory as non‑executable

Generated by OpenCVE AI on June 5, 2026 at 15:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 14:45:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unknown function of the file dashboard_page/forms/upload_student_data.php of the component Student Data Upload Endpoint. Such manipulation of the argument Student-Data-CSV leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
Title tittuvarghese CollegeManagementSystem Student Data Upload Endpoint upload_student_data.php unrestricted upload
First Time appeared Tittuvarghese
Tittuvarghese collegemanagementsystem
Weaknesses CWE-284
CWE-434
CPEs cpe:2.3:a:tittuvarghese:collegemanagementsystem:*:*:*:*:*:*:*:*
Vendors & Products Tittuvarghese
Tittuvarghese collegemanagementsystem
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Tittuvarghese Collegemanagementsystem
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-05T13:45:07.923Z

Reserved: 2026-06-05T08:09:58.207Z

Link: CVE-2026-11333

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-06-05T15:16:51.147

Modified: 2026-06-05T16:04:48.437

Link: CVE-2026-11333

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T15:30:13Z

Weaknesses