CVE-2026-11533
MEDIUMimvks786 student_management_system Student Deletion Endpoint see.php improper authorization
Title source: cnaDescription
A security vulnerability has been detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
References (6)
Core 6
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-369150 | imvks786 student_management_system Student Deletion Endpoint see.php improper authorization
https://vuldb.com/vuln/369150
Signature, Permissions Required signature
permissions-required
VDB-369150 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/369150/cti
Third Party Advisory third-party-advisory
CVE-2026-11533 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-11533
Third Party Advisory third-party-advisory
Submit #836636 | imvks786 student_management_system 1.0 Broken Access Control
https://vuldb.com/submit/836636
Exploit exploit
issue-tracking
https://github.com/imvks786/student_management_system/issues/4
Product product
https://github.com/imvks786/student_management_system/
Scores
CVSS v3
5.4
EPSS
0.0023
EPSS Percentile
13.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-266
CWE-285
Status
published
Products (1)
imvks786/student_management_system
9599b560ad3c3b83e75d328b76bedcd489ef1f46
Published
Jun 08, 2026
Tracked Since
Jun 08, 2026