CVE-2026-11533 - Vulnerability Details

- imvks786 student_management_system Student Deletion Endpoint see.php improper authorization

Description

A security vulnerability has been detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

Published: 2026-06-08

Score: 5.3 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A security issue in the student_management_system project allows attackers to manipulate the del argument in the /see.php endpoint, resulting in improper authorization. This flaw lets a remote user trigger deletion of records without proper authentication or validation. The impact is the loss of data integrity. The weakness is identified as improper authorization and credential management (CWE-266, CWE-285).

Affected Systems

The affected product is the imvks786 Student Management System, version up to the commit 9599b560ad3c3b83e75d328b76bedcd489ef1f46. No version updates are available, and the project uses a rolling release model. The vulnerability exists in the Student Deletion Endpoint implemented in see.php.

Risk and Exploitability

The CVSS score is 5.3, indicating moderate severity. The EPSS score is not available, and the flaw is not listed in CISA KEV. Attackers can exploit the issue remotely by sending specially crafted HTTP requests that include the del parameter. Because no official fix has been released, the risk remains, especially for deployments with unrestricted access to the deletion endpoint.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

imvks786

student_management_system

affected

Version	Status	Constraints
`9599b560ad3c3b83e75d328b76bedcd489ef1f46`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Restrict the /see.php endpoint so that only authenticated administrators can access it.
Add code that verifies the del value and ensures it references a valid student record before performing deletion.
If the deletion feature is not required, remove or disable the endpoint entirely.

Generated by OpenCVE AI on June 8, 2026 at 18:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/imvks786/student_management_system/
https://github.com/imvks786/student_management_system/issues/4
https://vuldb.com/cve/CVE-2026-11533
https://vuldb.com/submit/836636
https://vuldb.com/vuln/369150
https://vuldb.com/vuln/369150/cti

History

Mon, 08 Jun 2026 17:00:00 +0000

Type	Values Removed	Values Added
Description		A security vulnerability has been detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
Title		imvks786 student_management_system Student Deletion Endpoint see.php improper authorization
First Time appeared		Imvks786 Imvks786 student Management System
Weaknesses		CWE-266 CWE-285
CPEs		cpe:2.3:a:imvks786:student_management_system::::::::
Vendors & Products		Imvks786 Imvks786 student Management System
References		https://github.com/imvks786/student_management_system/ https://github.com/imvks786/student_management_system/issues/4 https://vuldb.com/cve/CVE-2026-11533 https://vuldb.com/submit/836636 https://vuldb.com/vuln/369150 https://vuldb.com/vuln/369150/cti
Metrics		cvssV2_0 `{'score': 5.5, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 5.4, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Imvks786 Student Management System

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-06-08T16:30:10.472Z

Updated: 2026-06-08T16:30:10.472Z

Reserved: 2026-06-07T19:53:26.805Z

Link: CVE-2026-11533

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-08T17:16:40.563

Modified: 2026-06-08T17:16:40.563

Link: CVE-2026-11533

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-08T19:00:14Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object