CVE-2026-10271
MEDIUM
a4m4 Student-Management-System Admin Endpoint admin redirect
Title source: cna
Description
A flaw has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The affected element is an unknown function of the file admin/ of the component Admin Endpoint. This manipulation of the argument uid causes execution after redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. This product uses a rolling release to provide continuous delivery. Therefore, no version details for affected or updated releases are available. Multiple endpoints are affected. The project was informed of the problem early through an issue report but has not responded yet.
References (5)
Core References
VDB-367550 | a4m4 Student-Management-System Admin Endpoint admin redirect
Tags: vdb-entry, technical-description
https://vuldb.com/vuln/367550

VDB-367550 | CTI Indicators (IOB, IOC, TTP, IOA)
Tags: signature, permissions-required
https://vuldb.com/vuln/367550/cti

CVE-2026-10271 | CVE Analysis and Report
Tags: third-party-advisory
https://vuldb.com/cve/CVE-2026-10271

Submit #825224 | a4m4 Student-Management-System--PHP- 1.0 Authentication Bypass
Tags: third-party-advisory
https://vuldb.com/submit/825224

Tags: exploit, issue-tracking
https://github.com/a4m4/Student-Management-System--PHP-/issues/2
Scores
CVSS v3
6.3
EPSS
0.0030
EPSS Percentile
21.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Details
CWE
CWE-698
CWE-705
Status
published
Products (1)
a4m4/Student-Management-System
f0c5f6842c5e8c431ff02b5260a565ca844df3a0
Published
Jun 01, 2026
Tracked Since
Jun 01, 2026