Description
A vulnerability has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected is an unknown function of the file dashboard_page/admin_page.php of the component Admin Interface. The manipulation of the argument UserAuthData leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-06-05
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw in CollegeManagementSystem allows an attacker to manipulate the UserAuthData argument in the admin_page.php file, bypassing authorization checks and gaining unauthorized access to the admin interface. This bypass is rooted in improper handling of authentication tokens, as classified by CWE‑266 and CWE‑285, potentially giving an attacker full administrative control. The condition is triggered via externally supplied input and can be activated remotely.

Affected Systems

All current and future releases from the tittuvarghese/CollegeManagementSystem GitHub repository are potentially vulnerable, since the project follows a rolling release model and no specific affected versions are identified. The vulnerability resides in an unknown function of the dashboard_page/admin_page.php component of the Admin Interface.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. No EPSS score is available, so a precise exploitation probability cannot be stated. The vulnerability is not listed in CISA KEV. The attack is carried out remotely, suggesting that an attacker could craft malicious requests to the admin_page.php endpoint to gain elevated privileges. While the exploit is currently feasible, the risk level remains moderate pending a patch from the vendor.

Generated by OpenCVE AI on June 5, 2026 at 16:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patch from the official repository or merge the repository commit that resolves the auth bypass in admin_page.php; if a patch is not yet available, manually implement the fix by verifying UserAuthData against valid session tokens and enforcing role‑based access control.
  • Restrict external access to the admin interface by placing it behind a firewall or VPN, limiting access only to trusted hosts.
  • Enhance input validation for the UserAuthData parameter and add rigorous authorization checks within admin_page.php to prevent bypassing of authentication logic.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 15:45:00 +0000

Type | Values Removed | Values Added
Description | | Same text as the Description at the top of this page
Title | | tittuvarghese CollegeManagementSystem Admin admin_page.php improper authorization
First Time appeared | | Tittuvarghese; Tittuvarghese collegemanagementsystem
Weaknesses | | CWE-266; CWE-285
CPEs | | cpe:2.3:a:tittuvarghese:collegemanagementsystem:*:*:*:*:*:*:*:*
Vendors & Products | | Tittuvarghese; Tittuvarghese collegemanagementsystem
References | |
Metrics | | cvssV2_0: score 6.5, vector AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
 | | cvssV3_0: score 6.3, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
 | | cvssV3_1: score 6.3, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
 | | cvssV4_0: score 5.3, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-05T15:00:16.287Z

Reserved: 2026-06-05T08:10:07.777Z

Link: CVE-2026-11336

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-05T16:16:41.077

Modified: 2026-06-05T16:16:41.077

Link: CVE-2026-11336

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T16:30:06Z

Weaknesses