CVE-2026-12529 - Vulnerability Details

- SourceCodester CET Automated Grading System with AI Predictive Analytics Student Self-Registration Endpoint index.php access control

Description

A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. Affected is an unknown function of the file /index.php of the component Student Self-Registration Endpoint. The manipulation leads to improper access controls. Remote exploitation of the attack is possible.

Published: 2026-06-17

Score: 6.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability exists in the Student Self‑Registration endpoint of the SourceCodester CET Automated Grading System with AI Predictive Analytics. Manipulating an unknown function in /index.php removes or weakens the enforcement of access permissions, allowing an attacker to perform actions that should be restricted to authorized users. Remote exploitation is possible, giving an attacker the ability to gain unauthorized access to student or administrative functions and potentially alter grading data or create accounts.

Affected Systems

The affected product is the SourceCodester CET Automated Grading System with AI Predictive Analytics, version 1.0. No other versions or vendor/minor product variations are documented as impacted.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate overall severity, while the EPSS score of less than 1% suggests limited current exploitation activity. The vulnerability is not listed in CISA’s KEV catalog. Exploitation is likely to occur via a remote HTTP request to /index.php with crafted parameters, exploiting the improper access control to elevate privileges or bypass authentication. The lack of a public exploit or widespread reports reduces immediate risk, but the flaw permits unauthorized access to sensitive grading information.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

SourceCodester

CET Automated Grading System with AI Predictive Analytics

affected

Version	Status	Constraints
`1.0`	affected	—

No data.

Vendor Product Confidence Versions

Sourcecodester

Cet Automated Grading System With Ai Predictive Analytics

95%

Version	Status	Scheme	Platform
`1.0`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the system to the latest release that includes hardened access control for the /index.php endpoint.
Restrict direct access to the Student Self‑Registration endpoint by configuring the web server or a reverse proxy to require authentication and proper role checks before allowing requests.
Deploy a web application firewall or security rule set that blocks known attack patterns targeting the /index.php endpoint until a patch is applied.

Generated by OpenCVE AI on June 18, 2026 at 18:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00284.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://vuldb.com/cve/CVE-2026-12529
https://vuldb.com/submit/837783
https://vuldb.com/vuln/371976
https://vuldb.com/vuln/371976/cti
https://www.sourcecodester.com/

History

Thu, 18 Jun 2026 16:45:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 18 Jun 2026 04:45:00 +0000

Type	Values Removed	Values Added
Description		A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. Affected is an unknown function of the file /index.php of the component Student Self-Registration Endpoint. The manipulation leads to improper access controls. Remote exploitation of the attack is possible.
Title		SourceCodester CET Automated Grading System with AI Predictive Analytics Student Self-Registration Endpoint index.php access control
First Time appeared		Sourcecodester Sourcecodester cet Automated Grading System With Ai Predictive Analytics
Weaknesses		CWE-266 CWE-284
CPEs		cpe:2.3:a:sourcecodester:cet_automated_grading_system_with_ai_predictive_analytics::::::::
Vendors & Products		Sourcecodester Sourcecodester cet Automated Grading System With Ai Predictive Analytics
References		https://vuldb.com/cve/CVE-2026-12529 https://vuldb.com/submit/837783 https://vuldb.com/vuln/371976 https://vuldb.com/vuln/371976/cti https://www.sourcecodester.com/
Metrics		cvssV2_0 `{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}` cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X'}`

Subscriptions

Sourcecodester Cet Automated Grading System With Ai Predictive Analytics

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-06-17T18:30:07.946Z

Updated: 2026-06-18T15:30:25.158Z

Reserved: 2026-06-17T13:50:03.506Z

Link: CVE-2026-12529

Vulnrichment

Updated: 2026-06-18T15:30:21.184Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T19:30:15Z

Weaknesses

CWE-266
Incorrect Privilege Assignment
CWE-284
Improper Access Control

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object