Description
A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of resource identifiers. The attack may be performed from remote. The exploit has been made public and could be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-25
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the courseDel.php file of the StudentManagementSystem. By manipulating the ID argument, an attacker can inject arbitrary resource identifiers, enabling unauthorized control over deletion or modification of resources. This flaw is classified as improper control of resource identifiers, also called resource injection (CWE-99). The exploit is public and the attack can be launched remotely, potentially allowing a malicious actor to delete or tamper with course records without authentication. The impact is loss of integrity and availability of course data.

Affected Systems

Affected product is yashpokharna2555:StudentManagementSystem. No specific version information is available because the project uses a rolling release model, so any active deployment of the current repository revision is potentially vulnerable.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity. EPSS is not available, so the likelihood of exploitation remains uncertain, and the vulnerability is not listed in CISA KEV. Attackers can target the publicly exposed endpoint, but the lack of an available patch and the project's unresponsive support highlight the need for mitigation. The absence of a definitive exploitation path or known active exploitation trends reduces the immediacy, yet the remote nature of the attack keeps the risk moderate.

Generated by OpenCVE AI on May 25, 2026 at 09:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Ensure that only authenticated administrators can reach courseDel.php, adding an authentication guard before any processing.
  • Perform strict input validation on the ID parameter, restricting it to numeric, existing identifiers within the allowed range.
  • Disable or remove the courseDel.php endpoint if it is not required.
  • Monitor application logs for unauthorized delete events and review any suspicious activity.
  • Keep an eye on the project's issue tracker, and apply any released fix or update as soon as one becomes available.

Advisories

No advisories yet.

History

Tue, 26 May 2026 14:30:00 +0000

Values added (no values removed):

  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 25 May 2026 08:15:00 +0000

Values added (no values removed):

  • Description: A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of resource identifiers. The attack may be performed from remote. The exploit has been made public and could be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.
  • Title: yashpokharna2555 StudentManagementSystem courseDel.php resource injection
  • First Time appeared: Yashpokharna2555; Yashpokharna2555 studentmanagementsystem
  • Weaknesses: CWE-99
  • CPEs: cpe:2.3:a:yashpokharna2555:studentmanagementsystem:*:*:*:*:*:*:*:*
  • Vendors & Products: Yashpokharna2555; Yashpokharna2555 studentmanagementsystem
  • References
  • Metrics:
      cvssV2_0 {'score': 5.5, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR'}
      cvssV3_0 {'score': 5.4, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV3_1 {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-26T14:01:09.377Z

Reserved: 2026-05-24T07:21:07.198Z

Link: CVE-2026-9438

Vulnrichment

Updated: 2026-05-26T13:59:35.523Z

NVD

Status: Deferred

Published: 2026-05-25T08:16:25.583

Modified: 2026-05-26T19:54:40.357

Link: CVE-2026-9438

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-25T11:00:10Z

Weaknesses
  • CWE-99

    Improper Control of Resource Identifiers ('Resource Injection')