Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-2984 is a vulnerability in SourceCodester Student Result Management System version 1.0, specifically in the file /admin/core/drop_user.php. The vulnerability arises from improper handling of the 'id' argument in a GET request, which allows an attacker to manipulate this parameter."}, {'type': 'paragraph', 'content': "This manipulation can lead to a denial of service (DoS) condition by deleting critical user accounts, such as the Super Administrator account, from the system's staff database. The attack can be executed remotely without any authentication or authorization, making it easily exploitable."}, {'type': 'paragraph', 'content': 'The vulnerability corresponds to CWE-404, indicating incorrect resource release, and aligns with the MITRE ATT&CK technique T1499 (Endpoint Denial of Service). A proof-of-concept exploit is publicly available.'}] [1, 2]

Useful 0 Not Useful 0

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can cause a denial of service by permanently deleting the Super Administrator account from the system, effectively locking out administrative access and management capabilities.'}, {'type': 'paragraph', 'content': "As a result, the system's availability and integrity are compromised, preventing legitimate users from managing or maintaining the system."}, {'type': 'paragraph', 'content': "Since the attack can be performed remotely without authentication, it poses a significant risk to the affected system's operational continuity."}] [1, 2]

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by identifying if the SourceCodester Student Result Management System version 1.0 is running and if the vulnerable script /admin/core/drop_user.php is accessible remotely.'}, {'type': 'paragraph', 'content': 'One method to detect vulnerable targets is by using Google dorking with the query: inurl:admin/core/drop_user.php.'}, {'type': 'paragraph', 'content': 'To test on your system or network, you can attempt to send a crafted HTTP GET request to the /admin/core/drop_user.php endpoint with an id parameter, for example:'}, {'type': 'list_item', 'content': 'curl -v "http://[target]/admin/core/drop_user.php?id=1"'}, {'type': 'paragraph', 'content': 'If the system responds in a way that causes denial of service or deletes the administrator account, it indicates the presence of the vulnerability.'}] [1, 2]

Useful 0 Not Useful 0

Mitigation Strategies

No known countermeasures or mitigations have been reported for this vulnerability.

The suggested immediate step is to replace the affected product with an alternative that does not contain this vulnerability.

Since the vulnerability allows unauthenticated remote deletion of the administrator account, restricting access to the /admin/core/drop_user.php endpoint via network controls (e.g., firewall rules) may help reduce exposure until a replacement or patch is applied.

Useful 0 Not Useful 0