CVE-2023-49982

HIGH

School Fees Management System 1.0 - Incorrect Authorization in User Management Component

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-49982. PoCs published by geraldoalcantara.

AI-analyzed exploit summary: The repository describes an incorrect access control vulnerability in School Fees Management System v1.0, allowing privilege escalation to administrative functions. It provides affected URLs and steps to reproduce but lacks functional exploit code.

Description

Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform administrative actions, including adding and deleting user accounts.

Exploits (1)

nomisec WRITEUP
by geraldoalcantara · poc
https://github.com/geraldoalcantara/CVE-2023-49982

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: School Fees Management System v1.0
Auth required
Prerequisites: Valid user credentials · Access to administrative URLs
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 8.8
EPSS 0.0084
EPSS Percentile 53.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-863
Status published
Products (1)
oretnom23/school_fees_management_system 1.0
Published Mar 21, 2024
Tracked Since Feb 18, 2026