CVE-2026-2983
SourceCodester Student Result Management System Bulk Import import_users.php access control
CVSS Score
7.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was determined in SourceCodester Student Result Management System 1.0. The impacted element is an unknown function of the file /admin/core/import_users.php of the component Bulk Import. This manipulation of the argument File causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
| CWE | CWE-284 CWE-266 |
| Vendor | sourcecodester |
| Product | student result management system |
| Published | Feb 23, 2026 |
| Last Updated | Feb 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for sourcecodester student result management system
Be the first to know when new high vulnerabilities affecting sourcecodester student result management system are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
SourceCodester / Student Result Management System
1.0
References
vuldb.com: https://vuldb.com/?id.347366 vuldb.com: https://vuldb.com/?ctiid.347366 vuldb.com: https://vuldb.com/?submit.756135 github.com: https://github.com/Shaon-Xis/SRMS-1.0---Unauthenticated-SMTP-Hijacking-to-Account-Takeover#-vulnerability-2-unauthenticated-bulk-account-injection-arbitrary-file-upload sourcecodester.com: https://www.sourcecodester.com/
Credits
๐ yan1451 (VulDB User)