CVE-2026-11476

MEDIUM 6.3

Kushan2k student-management-system Profile Update Endpoint AdminController.php edit-admin improper authorization

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

13th

A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulation of the argument isadmin leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.

CWE	CWE-285 CWE-266
Vendor	kushan2k
Product	student-management-system
Published	Jun 8, 2026
Last Updated	Jun 8, 2026

Stay Ahead of the Next One

Get instant alerts for kushan2k student-management-system

Be the first to know when new medium vulnerabilities affecting kushan2k student-management-system are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Kushan2k / student-management-system

f16a4ceaddd6729c4b306ed4641cda3176c1ef2a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/369096 vuldb.com: https://vuldb.com/vuln/369096/cti vuldb.com: https://vuldb.com/cve/CVE-2026-11476 vuldb.com: https://vuldb.com/submit/833945 github.com: https://github.com/Kushan2k/student-management-system/issues/3 github.com: https://github.com/Kushan2k/student-management-system/

Credits

🔍 Pr0x1ma (VulDB User) VulDB CNA Team