CVE-2026-11474

HIGH 7.3

Kushan2k student-management-system Registration Endpoint RegisterService.php unrestricted upload

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

14th

A security flaw has been discovered in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected is an unknown function of the file service/RegisterService.php of the component Registration Endpoint. Performing a manipulation of the argument stimg results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.

CWE	CWE-434 CWE-284
Vendor	kushan2k
Product	student-management-system
Published	Jun 8, 2026
Last Updated	Jun 9, 2026

Stay Ahead of the Next One

Get instant alerts for kushan2k student-management-system

Be the first to know when new high vulnerabilities affecting kushan2k student-management-system are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Kushan2k / student-management-system

f16a4ceaddd6729c4b306ed4641cda3176c1ef2a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/369094 vuldb.com: https://vuldb.com/vuln/369094/cti vuldb.com: https://vuldb.com/cve/CVE-2026-11474 vuldb.com: https://vuldb.com/submit/833933 github.com: https://github.com/Kushan2k/student-management-system/issues/1 github.com: https://github.com/Kushan2k/student-management-system/

Credits

🔍 SweetSour (VulDB User) VulDB CNA Team