CVE-2026-10272
MEDIUM
a4m4 Student-Management-System deleteform.php improper authorization
Title source: cna
Description
A vulnerability has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The impacted element is an unknown function of the file admin/deleteform.php. Such manipulation of the argument sid leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
References (5)
Core References
VDB Entry, Technical Description
VDB-367551 | a4m4 Student-Management-System deleteform.php improper authorization
https://vuldb.com/vuln/367551

Signature, Permissions Required
VDB-367551 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/367551/cti

Third Party Advisory
CVE-2026-10272 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-10272

Third Party Advisory
Submit #825241 | a4m4 Student-Management-System--PHP- 1.0 Unauthenticated Access
https://vuldb.com/submit/825241

Exploit, Issue Tracking
https://github.com/a4m4/Student-Management-System--PHP-/issues/3
Scores
CVSS v3: 6.5
EPSS: 0.0031
EPSS Percentile: 22.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Details
CWE: CWE-266, CWE-285
Status: published
Products (1)
a4m4/Student-Management-System
f0c5f6842c5e8c431ff02b5260a565ca844df3a0
Published: Jun 01, 2026
Tracked Since: Jun 01, 2026