Description
A weakness has been identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected is an unknown function of the file /add.php of the component Student Record Handler. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-06-08
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A weakness in the Student Record Handler of imvks786's student_management_system, specifically the /add.php endpoint, allows an attacker to bypass standard access controls and modify or add student records. The flaw arises from insufficient authorization checks and can be exploited remotely, and public exploit code is available. This vulnerability corresponds to CWE-266 and CWE-284 and could compromise data integrity.

Affected Systems

The affected product is imvks786:student_management_system, but no exact version is published because the project employs a rolling release model. The vulnerable function resides in add.php and is present in any build older than commit 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Because the repository does not publish discrete release versions, administrators must check the current codebase against this commit identifier to determine exposure.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate risk; EPSS data is unavailable, and the vulnerability is not listed in CISA's KEV catalog. The attacker can trigger the flaw remotely via crafted HTTP requests to /add.php, and exploitation is publicly available, implying that the likelihood of breach remains significant for systems that have not addressed the access control oversight.

Generated by OpenCVE AI on June 8, 2026 at 18:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Modify the source code to enforce strict authentication and role‑based authorization checks before processing any request to /add.php.
  • Apply a server‑side firewall or reverse‑proxy rule that blocks unauthenticated access to the /add.php path.
  • Enable thorough logging of all attempts to access /add.php and monitor for anomalous activity.

Generated by OpenCVE AI on June 8, 2026 at 18:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 08 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected is an unknown function of the file /add.php of the component Student Record Handler. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.
Title imvks786 student_management_system Student Record add.php access control
First Time appeared Imvks786
Imvks786 student Management System
Weaknesses CWE-266
CWE-284
CPEs cpe:2.3:a:imvks786:student_management_system:*:*:*:*:*:*:*:*
Vendors & Products Imvks786
Imvks786 student Management System
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Imvks786 Student Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-08T17:53:36.585Z

Reserved: 2026-06-07T19:53:24.158Z

Link: CVE-2026-11532

cve-icon Vulnrichment

Updated: 2026-06-08T17:53:26.626Z

cve-icon NVD

Status : Received

Published: 2026-06-08T17:16:40.363

Modified: 2026-06-08T17:16:40.363

Link: CVE-2026-11532

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-08T18:30:16Z

Weaknesses