Description
A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Dashboard. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. Multiple endpoints are affected. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-26
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in an undisclosed function of the Student Management System’s Dashboard component, allowing remote actors to manipulate request parameters and bypass the intended access controls. Injecting crafted payloads can grant an authenticated or unauthenticated attacker unauthorized entry to secure sections of the application, potentially exposing user data and administrative functions. The weakness can be classified against CWE‑266 and CWE‑284, indicating a failure to enforce authorization policies.

Affected Systems

Products affected are those released before commit 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5 of the Sambitraj Student Management System. Because the project follows a rolling release model, exact version numbers are not tied to discrete releases; thus any instance deployed before the fix will remain vulnerable until it is updated or the commit is superseded.

Risk and Exploitability

The CVSS score of 6.9 places the flaw in the medium severity range. No EPSS data is available, and the vulnerability is not listed in CISA’s KEV catalog, but the remote exploitation potential and lack of an immediate public patch raise the overall risk. Attackers could exploit this remotely over the network, and the absence of vendor response suggests that mitigation must be performed by the user until an official patch is released.

Generated by OpenCVE AI on May 26, 2026 at 18:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Determine if the deployed system contains the vulnerable commit by comparing the current code hash or application version against 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5.
  • Apply the latest release or patch that removes the insecure Dashboard functionality, or, if unavailable, restrict network access to the dashboard endpoints to trusted IP ranges only.
  • Implement role‑based access controls to ensure that only users with appropriate privileges can reach the dashboard, thereby compensating for the missing authorization checks.
  • As a temporary safeguard, configure a web application firewall or similar security layer to block anomalous requests targeting the dashboard routes.

Advisories

No advisories yet.

History

Thu, 28 May 2026 15:30:00 +0000

Values Removed: none
Values Added:
  • Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 26 May 2026 17:00:00 +0000

Values Removed: none
Values Added:
  • Description: A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Dashboard. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. Multiple endpoints are affected. The project was informed of the problem early through an issue report but has not responded yet.
  • Title: sambitraj STUDENT-MANAGEMENT-SYSTEM Dashboard access control
  • First Time appeared: Sambitraj; Sambitraj student-management-system
  • Weaknesses: CWE-266; CWE-284
  • CPEs: cpe:2.3:a:sambitraj:student-management-system:*:*:*:*:*:*:*:*
  • Vendors & Products: Sambitraj; Sambitraj student-management-system
  • References:
  • Metrics:
    cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
    cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
    cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
    cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-28T14:33:57.183Z

Reserved: 2026-05-26T10:34:09.802Z

Link: CVE-2026-9562

Vulnrichment

Updated: 2026-05-28T14:31:04.230Z

NVD

Status: Deferred

Published: 2026-05-26T17:16:57.413

Modified: 2026-05-28T16:16:31.380

Link: CVE-2026-9562

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T20:15:14Z

Weaknesses
  • CWE-266

    Incorrect Privilege Assignment

  • CWE-284

    Improper Access Control